Systems and methods for automated interface-based alert delivery

ABSTRACT

Systems and methods for feature-based alert triggering are disclosed herein. The system can include memory including a model database containing a machine-learning algorithm. The system can include a user device that can receive inputs from a user; and at least one server. The at least one server can: receive electrical signals from the user device, the electrical signals corresponding to a plurality of user inputs provided to the user device; automatically generate input-based features from the received electrical signals; input the input-based features into the machine-learning algorithm; automatically and directly generate a risk prediction with the machine-learning algorithm from the input-based features; and generate and display an alert when the risk prediction exceeds a threshold value.

CROSS-REFERENCES TO RELATED APPLICATIONS

This application claims the benefit of U.S. Provisional Application No.62/535,732, filed on Jul. 21, 2017, and entitled “SYSTEMS AND METHODSFOR AUTOMATED FEATURE-BASED ALERT TRIGGERING”, the entirety of which ishereby incorporated by reference herein.

BACKGROUND

A computer network or data network is a telecommunications network whichallows computers to exchange data. In computer networks, networkedcomputing devices exchange data with each other along network links(data connections). The connections between nodes are established usingeither cable media or wireless media. The best-known computer network isthe Internet.

Network computer devices that originate, route and terminate the dataare called network nodes. Nodes can include hosts such as personalcomputers, phones, servers as well as networking hardware. Two suchdevices can be said to be networked together when one device is able toexchange information with the other device, whether or not they have adirect connection to each other.

Computer networks differ in the transmission media used to carry theirsignals, the communications protocols to organize network traffic, thenetwork's size, topology and organizational intent. In most cases,communications protocols are layered on other more specific or moregeneral communications protocols, except for the physical layer thatdirectly deals with the transmission media.

BRIEF SUMMARY

One aspect of the present disclosure relates to a of triggering an alertwith a computing system, the method including: receiving electricalsignals corresponding to a plurality user inputs to a computing system;automatically generating input-based features from the receivedelectrical signals; inputting the input-based features into amachine-learning algorithm; automatically and directly generating a riskprediction with the machine-learning algorithm from the input-basedfeatures; and generating and displaying an alert when the riskprediction exceeds a threshold value.

In some embodiments, at least some of the input-based features aremeaningful features. In some embodiments, the meaningful features aregenerated from substance identified in the received electrical signals.In some embodiments, at least some of the input-based features arenon-meaningful features In some embodiments, the non-meaningful featuresare independent of the substance identified in the received electricalsignals. In some embodiments, the features include at least two from: aHurst coefficient; a percent correct on first try; an average score; anaverage part score; a number of attempted parts; an average number ofattempted parts; and an aggregation parameter.

In some embodiments, the method includes: generating a response from thereceived electrical signals; and automatically evaluating the responseaccording to stored evaluation data. In some embodiments, the meaningfulfeatures are generated based on the generated response. In someembodiments, at least some of the meaningful features are generatedbased on the generated response and the evaluation of the response. Insome embodiments, the machine-learning algorithm includes at least oneof: a Random Forrest algorithm; an AdaBoost algorithm; a Naïve Bayesalgorithm; Boosting Tree, and a Support Vector Machine.

One aspect of the present disclosure relates to a system for triggeringan alert. The system includes memory including a model databasecontaining a machine-learning algorithm, which machine-learningalgorithm can generate a risk prediction based on inputted features. Thesystem includes a user device that can receive inputs from a user; andat least one server. In some embodiments, the server can: receiveelectrical signals from the user device, the electrical signalscorresponding to a plurality user inputs provided to the user device;automatically generate input-based features from the received electricalsignals; input the input-based features into the machine-learningalgorithm; automatically and directly generate a risk prediction withthe machine-learning algorithm from the input-based features; andgenerate and display an alert when the risk prediction exceeds athreshold value.

In some embodiments, at least some of the input-based features aremeaningful features. In some embodiments, the meaningful features aregenerated from substance identified in the received electrical signals.In some embodiments, at least some of the input-based features arenon-meaningful features. In some embodiments, the non-meaningfulfeatures are independent of the substance identified in the receivedelectrical signals. In some embodiments, the features include at leasttwo from: a Hurst coefficient; a percent correct on first try; anaverage score; an average part score; a number of attempted parts; anaverage number of attempted parts; and an aggregation parameter.

In some embodiments, the at least one server can: generate a responsefrom the received electrical signals; and automatically evaluate theresponse according to stored evaluation data, which alert includes agraphical depiction of the risk prediction. In some embodiments, themeaningful features are generated based on the generated response. Insome embodiments, at least some of the meaningful features are generatedbased on the generated response and the evaluation of the response. Insome embodiments, the machine-learning algorithm includes at least oneof: a Random Forrest algorithm; an AdaBoost algorithm; a Naïve Bayesalgorithm; Boosting Tree, and a Support Vector Machine.

One aspect of the present disclosure relates to a system for triggeringa pre-emptive alert. The system includes: memory including amachine-learning classifier that can generate a risk prediction based oninputted features; a first user device that can receive inputs from auser; a second user device that can display information to a user; andat least one server. The at least one server can: receive electricalsignals corresponding to user inputs to the first user device; generatea set of input-based features from the received electrical signals;select a sub-set of the input-based features from the set of features;input the sub-set of the features into the machine-learning classifier;generate a risk prediction with the machine-learning classifier; andcontrol the second user device to display an alert when the riskprediction exceeds a threshold value.

In some embodiments, the sub-set of features includes at least onemeaningful feature. In some embodiments, the at least one meaningfulfeature is generated from substance identified in the receivedelectrical signals. In some embodiments, the sub-set of featuresincludes at least one non-meaningful features. In some embodiments, theat least one non-meaningful feature is independent of the substanceidentified in the received electrical signals.

In some embodiments, the classifier includes a linear classifier. Insome embodiments, the classifier includes a probabilistic classifier. Insome embodiments, the classifier includes a Random forest classifier.

In some embodiments, inputting the sub-set of the features into themachine learning classifier includes: generating a feature vector foreach of the features in the sub-set of features; and inputting thefeature vectors into the classifier. In some embodiments, the alertincludes a graphical depiction of the risk prediction.

One aspect of the present disclosure relates to a method of triggering apre-emptive alert with a computing system. The method includes:receiving electrical signals corresponding to a plurality user inputs toa computing system; automatically generating a set of input-basedfeatures from the received electrical signals; selecting a sub-set ofthe input-based features from the set of input-based features; inputtingthe sub-set of the input-based features into a machine-learningalgorithm; generating a risk prediction with the machine-learningalgorithm from the input-based features; and displaying an alert whenthe risk prediction exceeds a threshold value.

In some embodiments, the sub-set of features includes at least onemeaningful feature. In some embodiments, the at least one meaningfulfeature is generated from substance identified in the receivedelectrical signals. In some embodiments, the sub-set of featuresincludes at least one non-meaningful features. In some embodiments, theat least one non-meaningful feature is independent of the substanceidentified in the received electrical signals.

In some embodiments, the machine-learning algorithm can be a classifier,which classifier can be a linear classifier. In some embodiments, themachine-learning algorithm can be a classifier, which classifier can bea probabilistic classifier. In some embodiments, the machine-learningalgorithm can be a classifier, which classifier can be a Random forestclassifier.

In some embodiments, inputting the sub-set of the features into themachine-learning algorithm includes: generating a feature vector foreach of the features in the sub-set of features; and inputting thefeature vectors into the machine-learning algorithm. In someembodiments, the alert includes a graphical depiction of the riskprediction.

One aspect of the present disclosure relates to a system for on-the-flyalert triggering customization. The system includes memory including: amachine-learning classifier that can generate a risk prediction based oninputted features; a user profile database identifying a user andcontaining metadata associated with the user; and a customizationdatabase identifying one or several user attributes and a customizationassociated with each of those one or several user attributes, whichcustomization identifies a sub-set of potential features for use ingenerating a risk prediction. The system can include: a first userdevice that can receive inputs from a user; a second user device thatcan display information to a user; and at least one server. The at leastone server can: receive electrical signals corresponding to user inputsto the first user device; retrieve metadata associated with the user ofthe first user device; identify a customization for the user of thefirst user device based on the retrieved metadata; select a sub-set ofinput-based features from the received electrical signals according tothe identified customization; input the sub-set of the features into themachine-learning classifier; and generate a customized risk predictionwith the machine-learning classifier.

In some embodiments, the at least one server can modify themachine-learning classifier according to the identified customization.In some embodiments, the machine-learning classifier includes aplurality of classifiers. In some embodiments, each of the plurality ofclassifiers is associated with a unique set of features. In someembodiments, modifying the machine-learning classifier includesselecting a one of the plurality of classifiers corresponding to thesub-set of features selected according to the customization.

In some embodiments, the at least one server can control the second userdevice to display an alert when the risk prediction exceeds a thresholdvalue. In some embodiments, the alert includes a graphical depiction ofthe risk prediction. In some embodiments, the metadata are unique to theuser. In some embodiments, the customization is determined according toa portion of the metadata that is non-unique to the user and is uniqueto a set of users sharing at least one common attribute. In someembodiments, inputting the sub-set of the features into themachine-learning classifier includes: generating a feature vector foreach of the features in the sub-set of features; and inputting thefeature vectors into the classifier. In some embodiments, the at leastone server can generate a set of features, and the sub-set of featuresis selected from the generated set of features.

One aspect of the present disclosure relates to a method for on-the-flyalert triggering customization. The method includes: receivingelectrical signals corresponding to user inputs to a first user device;retrieving metadata associated with a user of the first user device;identifying a customization for the user of the first user device basedon the retrieved metadata; selecting a sub-set of input-based featuresfrom the received electrical signals according to the identifiedcustomization; inputting the sub-set of the features into amachine-learning classifier; and generating a customized risk predictionwith the machine-learning classifier.

In some embodiments, the method includes modifying the machine-learningclassifier according to the identified customization. In someembodiments, the machine-learning classifier includes a plurality ofclassifiers. In some embodiments, each of the plurality of classifiersis associated with a unique set of features. In some embodiments,modifying the machine-learning classifier includes selecting a one ofthe plurality of classifiers corresponding to the sub-set of featuresselected according to the customization.

In some embodiments, the method includes controlling a second userdevice to display an alert when the risk prediction exceeds a thresholdvalue. In some embodiments, the alert includes a graphical depiction ofthe risk prediction. In some embodiments, the metadata are unique to theuser. In some embodiments, the customization is determined according toa portion of the metadata that is non-unique to the user and that isunique to a set of users sharing at least one common attribute. In someembodiments, inputting the sub-set of the features into themachine-learning classifier includes: generating a feature vector foreach of the features in the sub-set of features; and inputting thefeature vectors into the classifier. In some embodiments, the methodincludes generating a set of features. In some embodiments, the sub-setof features is selected from the generated set of features.

One aspect of the present disclosure relates to a system foruser-independent second-level machine-learning alert triggering. Thesystem includes memory including: a machine-learning classifier that cangenerate a risk prediction based on inputted features; a first-levelfeature database including instructions for generating first-levelfeatures from received digital communications corresponding to userinputs to a first user device; and a second-level feature databaseincluding instructions for generating second-level features from thefirst-level features. The system can include: a first user device thatcan receive inputs from a user and transmit these inputs as one or moredigital communications; and at least one server. The at least one servercan: receive the one or more digital communications from the first userdevice; generate first-level features from the received one or moredigital communications according to the instructions in the first-levelfeature database; generate second-level features from the generatedfirst-level features; and generate and deliver a risk predictionaccording the generated second-level features via a machine-learningclassifier.

In some embodiments, the at least one server can generate second-levelfeatures from first-level features generated from digital communicationsreceived from additional user devices. In some embodiments, the at leastone server can aggregate the first-level features generated from digitalcommunications received from the first user device and from theadditional user devices.

In some embodiments, the first-level features are aggregated oversequential predetermined times. In some embodiments, the second-levelfeatures are generated at an end of each of the sequential predeterminedtimes. In some embodiments, the first-level features are aggregateduntil a minimum number of aggregated first-level features is reached. Insome embodiments, the second-level features are generated when theminimum number of aggregated first-level features is reached.

In some embodiments, generating and delivering the risk predictionincludes: identifying a second-level feature set including second-levelfeatures generated from first level features generated from digitalcommunications received from the first user device and some of theadditional user devices, which second-level feature set is identifiedbased on a shared attribute of the user of the first user device andusers of the some of the additional user devices; identifying similarsecond-level features sets, which similar second-level feature sets areidentified based on a shared attribute of the second-level feature setand the similar second-level feature sets; identifying an anomaly in thesecond-level feature set; and indicating risk based on the identifiedanomaly, which indicated risk is non-specific to the user of the firstuser device. In some embodiments, generating and delivering the riskprediction includes: identifying a second-level feature set includingsecond-level features generated from first level features generated fromdigital communications received from the first user device and some ofthe additional user devices, which second-level feature set isidentified based on a shared attribute of the user of the first userdevice and users of the some of the additional user devices; inputtingthe second-level feature set into a machine-learning classifier; andgenerating a risk prediction with the machine-learning classifier, whichrisk prediction is non-specific to the user of the first user device. Insome embodiments, the at least one server can control a second userdevice to display an alert based on the risk prediction, which alertincludes a graphical depiction of the risk prediction.

One aspect of the present disclosure relates to a method foruser-independent second-level machine-learning alert triggering. Themethod includes: receiving one or more digital communications from afirst user device; generating first-level features from the received oneor more digital communications according to instructions in afirst-level feature database; generating second-level features from thegenerated first-level features; and generating and delivering a riskprediction according the generated second-level features via amachine-learning classifier.

In some embodiments, the method includes generating second-levelfeatures from first-level features generated from digital communicationsreceived from additional user devices. In some embodiments, the methodincludes aggregating the first-level features generated from digitalcommunications received from the first user device and from theadditional user devices. In some embodiments, the first-level featuresare aggregated over sequential predetermined times. In some embodiments,the second-level features are generated at an end of each of thesequential predetermined times. In some embodiments, the first-levelfeatures are aggregated until a minimum number of aggregated first-levelfeatures is reached. In some embodiments, the second-level features aregenerated when the minimum number of aggregated first-level features isreached.

In some embodiments, generating and delivering the risk predictionincludes: identifying a second-level feature set including second-levelfeatures generated from first level features generated from digitalcommunications received from the first user device and some of theadditional user devices, which second-level feature set is identifiedbased on a shared attribute of the user of the first user device andusers of the some of the additional user devices; identifying at leastone similar second-level feature set, which at least one similarsecond-level feature set is identified based on a shared attribute ofthe second-level feature set and the at least one similar second-levelfeature set; comparing the second-level feature set and the at least onesimilar second-level feature set; identifying an anomaly in thesecond-level feature set based on the comparison of the second-levelfeature set and the at least one similar second-level feature set; andindicating risk based on the identified anomaly, which indicated risk isnon-specific to the user of the first user device. In some embodiments,generating and delivering the risk prediction includes: identifying asecond-level feature set including second-level features generated fromfirst level features generated from digital communications received fromthe first user device and some of the additional user devices, whichsecond-level feature set is identified based on a shared attribute ofthe user of the first user device and users of the some of theadditional user devices; inputting the second-level feature set into amachine-learning classifier; and generating a risk prediction with themachine-learning classifier, which risk prediction is non-specific tothe user of the first user device. In some embodiments, the methodincludes controlling a second user device to display an alert based onthe risk prediction, wherein the alert includes a graphical depiction ofthe risk prediction.

One aspect of the present disclosure relates to a system for delivery ofa triggered alert. The system includes memory including a model databasecontaining a machine-learning algorithm, which machine-learningalgorithm can generate a risk prediction based on inputted features. Thesystem includes: a first user device that can receive inputs from auser; a second user device; and at least one server. The at least oneserver can: receive communications corresponding to a plurality userinputs provided to the user device; generate a risk prediction with themachine-learning algorithm based on features generated from the receivedcommunications; and direct generation of a user interface on the seconduser device, the user interface including: a cohort view including atleast one graphical depiction of the risk prediction for a set of atleast some of a plurality of users in a cohort; a sub-cohort viewincluding at least one graphical depiction of the risk prediction for atleast one of the users in the cohort; and an individual view includingat least one graphical depiction of risk sources for one user.

In some embodiments, the at least one server can switch between thecohort view, the sub-cohort view, and the individual view based on userinputs received from the second user device. In some embodiments,switching between the cohort view and the sub-cohort view includes:receiving an input identifying a display sub-cohort from the second userdevice; generating the at least one graphical depiction of the riskprediction for the at least one of the users in the display sub-cohort;and directing the second user device to generate the sub-cohort view anddisplay the generated at least one graphical depiction of the riskprediction for the at least one of the users in the display sub-cohort.

In some embodiments, the at least one graphical depiction of the riskprediction for the at least one of the users in the display sub-cohortincludes: a graphical depiction of a risk category associated withidentified display sub-cohort; an identification window includinginformation identifying the at least one of the users in the sub-cohort;a time-dependent risk window displaying risk status over a period oftime; and a risk bar identifying a current risk level. In someembodiments, switching to the individual view includes: receiving aninput identifying the one user; generating the at least one graphicaldepiction of risk sources for the identified one user; and directing thesecond user device to generate the individual view and display thegenerated at least one graphical depiction of risk sources for theidentified one user.

In some embodiments, the at least one graphical depiction of risksources for the identified one user includes: a time-dependent riskwindow that can display risk status over a period of time; and a sourcewindow that can identify sources of risk and parameters characterizingthose sources of risk. In some embodiments, the at least one graphicaldepiction of the risk prediction for the set of at least some of theplurality of users in the cohort includes: a cohort window that canidentify a current breakdown of user in the cohort into a plurality ofrisk-based sub-cohorts; and a trend window that can display a depictionof time-dependent change to a size of the risk-based sub-cohorts. Insome embodiments, the trend window can display the depiction of thetime-dependent change to the size of the risk-based sub-cohorts over asliding temporal window. In some embodiments, the trend window canautomatically update as the size of the risk-based sub-cohorts changesand as the sliding temporal window shifts. In some embodiments,generating a risk prediction with the machine-learning algorithm basedon features generated from the received communications includes:generating a feature vector for each of the features; and inputting thefeature vectors into the machine-learning algorithm.

One aspect of the present disclosure relates to a method for delivery atriggered alert. The method includes: receiving communicationscorresponding to a plurality user inputs provided to a user device by auser; generating a risk prediction with a machine-learning algorithmbased on features generated from the received communications; anddirecting generation of a user interface on a second user device, theuser interface including: a cohort view including at least one graphicaldepiction of the risk prediction for a set of at least some of aplurality of users in a cohort; a sub-cohort view including at least onegraphical depiction of the risk prediction for at least one of the usersin the cohort; and an individual view including at least one graphicaldepiction of risk sources for one user.

In some embodiments, the method includes switching between the cohortview, the sub-cohort view, and the individual view based on user inputsreceived from the second user device. In some embodiments, switchingbetween the cohort view and the sub-cohort view includes: receiving aninput identifying a display sub-cohort from the second user device;generating the at least one graphical depiction of the risk predictionfor the at least one of the users in the display sub-cohort; anddirecting the second user device to generate the sub-cohort view anddisplay the generated at least one graphical depiction of the riskprediction for the at least one of the users in the display sub-cohort.

In some embodiments, the at least one graphical depiction of the riskprediction for the at least one of the users in the display cohortincludes: a graphical depiction of a risk category associated withidentified display sub-cohort; an identification window includinginformation identifying the at least one of the users in the sub-cohort;a time-dependent risk window displaying risk status over a period oftime; and a risk bar identifying a current risk level. In someembodiments, switching to the individual view includes: receiving aninput identifying the one user; generating the at least one graphicaldepiction of risk sources for the identified one user; and directing thesecond user device to generate the individual view and display thegenerated at least one graphical depiction of risk sources for theidentified one user.

In some embodiments, the at least one graphical depiction of risksources for the identified one user includes: a time-dependent riskwindow that can display risk status over a period of time; and a sourcewindow that can identify sources of risk and parameters characterizingthose sources of risk. In some embodiments, the at least one graphicaldepiction of the risk prediction for the set of at least some of theplurality of users in the cohort includes: a cohort window that canidentify a current breakdown of user in the cohort into a plurality ofrisk-based sub-cohorts; and a trend window that can display a depictionof time-dependent change to a size of the risk-based sub-cohorts.

In some embodiments, the trend window can display the depiction of thetime-dependent change to the size of the risk-based sub-cohorts over asliding temporal window. In some embodiments, the trend window canautomatically update as the size of the risk-based sub-cohorts changesand as the sliding temporal window shifts. In some embodiments,generating a risk prediction with the machine-learning algorithm basedon features generated from the received communications includes:generating a feature vector for each of the features; and inputting thefeature vectors into the machine-learning algorithm.

One aspect of the present disclosure relates to a system for automatedcustomized cohort communication. The system includes memory including: auser database including information identifying a plurality of users andcommunication information associated with each of the plurality ofusers. In some embodiments, a risk status is associated with each of theplurality of users. The system can include: a first user device that canreceive inputs from a first user; a second user device that can receiveinputs from a second user; a third user device; and at least one server.The at least one server can: receive communications corresponding to aplurality user inputs provided to the first user device and the seconduser device; generate a first risk prediction for the first user with amachine-learning algorithm and a second risk prediction for the seconduser with the machine-learning algorithm, which first and second riskpredictions are based on features generated from the receivedcommunications; determine inclusion of the first risk prediction in afirst cohort associated with a first risk level and a second riskprediction in a second cohort associated with a second risk level;direct generation of a user interface on the third user device, the userinterface including a graphical depiction of the first and secondcohorts; receive a communication request from the third user device;identify a recipient cohort including at least one user associated withthe communication request; automatically retrieve communicationinformation for each of the at least one user of the recipient cohort;and send a communication to each of the at least one user of therecipient cohort according to the communication information.

In some embodiments, the recipient cohort includes the first cohortassociated with the first risk level. In some embodiments, the recipientcohort includes the first cohort associated with the first risk leveland the second cohort associated with the second risk level. In someembodiments, the communication is sent to at least the first user deviceand the second user device. In some embodiments, the system include afourth user device, which fourth user device is linked to the seconduser in the user database. In some embodiments, the communication issent to at least the first user device and the fourth user device.

In some embodiments, the at least one server can receive communicationcontent and a recipient cohort modification. In some embodiments, therecipient cohort modification adds at least another user to recipientcohort for receipt of the communication. In some embodiments, therecipient cohort modification removes at least one user from therecipient cohort. In some embodiments, generating the first riskprediction based on features generated from the received communicationsincludes: generating a feature vector for each of the features; andinputting the feature vectors into the machine-learning algorithm.

One aspect of the present disclosure relates to a method for automatedcustomized cohort communication. The method includes: receivingcommunications corresponding to a plurality user inputs provided to afirst user device by a first user and to a second user device by asecond user; generating a first risk prediction for the first user witha machine-learning algorithm and a second risk prediction for the seconduser with the machine-learning algorithm, which first and second riskpredictions are based on features generated from the receivedcommunications; determining inclusion of the first risk prediction in afirst cohort associated with a first risk level and a second riskprediction in a second cohort associated with a second risk level;directing generation of a user interface on a third user device, theuser interface including a graphical depiction of the first and secondcohorts; receiving a communication request from the third user device;identifying a recipient cohort including at least one user associatedwith the communication request; automatically retrieving communicationinformation for each of the at least one user of the recipient cohort;and sending a communication to each of the at least one user of therecipient cohort according to the communication information.

In some embodiments, the recipient cohort includes the first cohortassociated with the first risk level. In some embodiments, the recipientcohort includes the first cohort associated with the first risk leveland the second cohort associated with the second risk level. In someembodiments, the communication is sent to at least the first user deviceand the second user device. In some embodiments, the communication issent to at least the first user device and a fourth user device. In someembodiments, the fourth user device is linked to the second user in auser database including information identifying a plurality of users andcommunication information associated with each of the plurality ofusers.

In some embodiments, the method includes receiving communication contentand a recipient cohort modification. In some embodiments, the recipientcohort modification adds at least another user to recipient cohort forreceipt of the communication. In some embodiments, the recipient cohortmodification removes at least one user from the recipient cohort. Insome embodiments, generating the first risk prediction based on featuresgenerated from the received communications includes: generating afeature vector for each of the features; and inputting the featurevectors into the machine-learning algorithm.

Further areas of applicability of the present disclosure will becomeapparent from the detailed description provided hereinafter. It shouldbe understood that the detailed description and specific examples, whileindicating various embodiments, are intended for purposes ofillustration only and are not intended to necessarily limit the scope ofthe disclosure.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram illustrating an example of a contentdistribution network.

FIG. 2 is a block diagram illustrating a computer server and computingenvironment within a content distribution network.

FIG. 3 is a block diagram illustrating an embodiment of one or more datastore servers within a content distribution network.

FIG. 4 is a block diagram illustrating an embodiment of one or morecontent management servers within a content distribution network.

FIG. 5 is a block diagram illustrating the physical and logicalcomponents of a special-purpose computer device within a contentdistribution network.

FIG. 6 is a block diagram illustrating one embodiment of thecommunication network.

FIG. 7 is a block diagram illustrating one embodiment of user device andsupervisor device communication.

FIG. 8 is a schematic illustration of one embodiment of a computingstack.

FIG. 9 is a schematic illustration of one embodiment of communicationand processing flow of modules within the content distribution network.

FIG. 10 is a schematic illustration of another embodiment ofcommunication and processing flow of modules within the contentdistribution network.

FIG. 11 is a schematic illustration of another embodiment ofcommunication and processing flow of modules within the contentdistribution network.

FIG. 12 is a schematic illustration of one embodiment of thepresentation process.

FIG. 13 is a flowchart illustrating one embodiment of a process for datamanagement.

FIG. 14 is a flowchart illustrating one embodiment of a process forevaluating a response.

FIG. 15 is a schematic illustration of one embodiment of an early alertsystem.

FIG. 16 is a schematic illustration of one embodiment of a process formaking a risk determination.

FIG. 17 is a schematic illustration of one embodiment of a process forsecond-level machine-learning alert triggering.

FIG. 18 is a schematic illustration of one embodiment of thecustomization database.

FIG. 19 is a swim-lane diagram of one embodiment of a process for earlyalerting.

FIG. 20 is a flowchart illustrating one embodiment of a process forautomatic alert triggering.

FIG. 21 is a flowchart illustrating one embodiment of a process fortriggering a pre-emptive alert.

FIG. 22 is a flowchart illustrating one embodiment of a process foron-the-fly alert triggering customization.

FIG. 23 is a flowchart illustrating one embodiment of a process foruser-independent second-level machine-learning alert triggering.

FIG. 24 is a flowchart illustrating one embodiment of a process fortriggering second-level feature generation.

FIG. 25 is a flowchart illustrating one embodiment of a process forgenerating second-level risk predictions.

FIG. 26 is a flowchart illustrating one embodiment of another processfor generating second-level risk predictions.

FIG. 27 is a flowchart illustrating one embodiment of a process forinputting features into the prediction engine.

FIG. 28 is a flowchart illustrating one embodiment of a process fordelivery of a triggered alert.

FIG. 29 is a flowchart illustrating one embodiment of a process forswitching views within the user interface.

FIG. 30 is a flowchart illustrating one embodiment of another processfor switching views within the user interface.

FIG. 31 is a flowchart illustrating one embodiment of a process forautomated customized cohort communication.

FIG. 32 is an exemplary illustration of one embodiment of cohort view auser interface.

FIG. 33 is an illustration of a first embodiment of a sub-cohort viewthe user interface.

FIG. 34 is an illustration of a second embodiment of the sub-cohort viewthe user interface.

FIG. 35 is an illustration of one embodiment of a communication view ofthe user interface.

FIG. 36 is an illustration of one embodiment of the individual view ofthe user interface.

In the appended figures, similar components and/or features may have thesame reference label. Further, various components of the same type maybe distinguished by following the reference label by a dash and a secondlabel that distinguishes among the similar components. If only the firstreference label is used in the specification, the description isapplicable to any one of the similar components having the same firstreference label irrespective of the second reference label.

DETAILED DESCRIPTION

The ensuing description provides illustrative embodiment(s) only and isnot intended to limit the scope, applicability or configuration of thedisclosure. Rather, the ensuing description of the illustrativeembodiment(s) will provide those skilled in the art with an enablingdescription for implementing a preferred exemplary embodiment. It isunderstood that various changes can be made in the function andarrangement of elements without departing from the spirit and scope asset forth in the appended claims.

With reference now to FIG. 1, a block diagram is shown illustratingvarious components of a content distribution network (CDN) 100 whichimplements and supports certain embodiments and features describedherein. In some embodiments, the content distribution network 100 cancomprise one or several physical components and/or one or severalvirtual components such as, for example, one or several cloud computingcomponents. In some embodiments, the content distribution network 100can comprise a mixture of physical and cloud computing components.

Content distribution network 100 may include one or more contentmanagement servers 102. As discussed below in more detail, contentmanagement servers 102 may be any desired type of server including, forexample, a rack server, a tower server, a miniature server, a bladeserver, a mini rack server, a mobile server, an ultra-dense server, asuper server, or the like, and may include various hardware components,for example, a motherboard, a processing unit, memory systems, harddrives, network interfaces, power supplies, etc. Content managementserver 102 may include one or more server farms, clusters, or any otherappropriate arrangement and/or combination of computer servers. Contentmanagement server 102 may act according to stored instructions locatedin a memory subsystem of the server 102, and may run an operatingsystem, including any commercially available server operating systemand/or any other operating systems discussed herein.

The content distribution network 100 may include one or more data storeservers 104, such as database servers and file-based storage systems.The database servers 104 can access data that can be stored on a varietyof hardware components. These hardware components can include, forexample, components forming tier 0 storage, components forming tier 1storage, components forming tier 2 storage, and/or any other tier ofstorage. In some embodiments, tier 0 storage refers to storage that isthe fastest tier of storage in the database server 104, andparticularly, the tier 0 storage is the fastest storage that is not RAMor cache memory. In some embodiments, the tier 0 memory can be embodiedin solid state memory such as, for example, a solid-state drive (SSD)and/or flash memory.

In some embodiments, the tier 1 storage refers to storage that is one orseveral higher performing systems in the memory management system, andthat is relatively slower than tier 0 memory, and relatively faster thanother tiers of memory. The tier 1 memory can be one or several harddisks that can be, for example, high-performance hard disks. These harddisks can be one or both of physically or communicatingly connected suchas, for example, by one or several fiber channels. In some embodiments,the one or several disks can be arranged into a disk storage system, andspecifically can be arranged into an enterprise class disk storagesystem. The disk storage system can include any desired level ofredundancy to protect data stored therein, and in one embodiment, thedisk storage system can be made with grid architecture that createsparallelism for uniform allocation of system resources and balanced datadistribution.

In some embodiments, the tier 2 storage refers to storage that includesone or several relatively lower performing systems in the memorymanagement system, as compared to the tier 1 and tier 2 storages. Thus,tier 2 memory is relatively slower than tier 1 and tier 0 memories. Tier2 memory can include one or several SATA-drives or one or severalNL-SATA drives.

In some embodiments, the one or several hardware and/or softwarecomponents of the database server 104 can be arranged into one orseveral storage area networks (SAN), which one or several storage areanetworks can be one or several dedicated networks that provide access todata storage, and particularly that provide access to consolidated,block level data storage. A SAN typically has its own network of storagedevices that are generally not accessible through the local area network(LAN) by other devices. The SAN allows access to these devices in amanner such that these devices appear to be locally attached to the userdevice.

Data stores 104 may comprise stored data relevant to the functions ofthe content distribution network 100. Illustrative examples of datastores 104 that may be maintained in certain embodiments of the contentdistribution network 100 are described below in reference to FIG. 3. Insome embodiments, multiple data stores may reside on a single server104, either using the same storage components of server 104 or usingdifferent physical storage components to assure data security andintegrity between data stores. In other embodiments, each data store mayhave a separate dedicated data store server 104.

Content distribution network 100 also may include one or more devicesincluding one or more user devices 106 and/or one or more supervisordevices 110. User devices 106 and supervisor devices 110 may displaycontent received via the content distribution network 100, and maysupport various types of user interactions with the content. Userdevices 106 and supervisor devices 110 may include mobile devices suchas smartphones, tablet computers, personal digital assistants, andwearable computing devices. Such mobile devices may run a variety ofmobile operating systems, and may be enabled for Internet, e-mail, shortmessage service (SMS), Bluetooth®, mobile radio-frequency identification(M-RFID), and/or other communication protocols. Other user devices 106and supervisor devices 110 may be general purpose personal computers orspecial-purpose computing devices including, by way of example, personalcomputers, laptop computers, workstation computers, projection devices,and interactive room display systems. Additionally, user devices 106 andsupervisor devices 110 may be any other electronic devices, such asthin-client computers, Internet-enabled gaming systems, business or homeappliances, and/or personal messaging devices, capable of communicatingover network(s) 120.

In different contexts of content distribution networks 100, user devices106 and supervisor devices 110 may correspond to different types ofspecialized devices, for example, student devices and teacher devices inan educational network, employee devices and presentation devices in acompany network, different gaming devices in a gaming network, etc. Insome embodiments, user devices 106 and supervisor devices 110 mayoperate in the same physical location 107, such as a classroom orconference room. In such cases, the devices may contain components thatsupport direct communications with other nearby devices, such as awireless transceivers and wireless communications interfaces, Ethernetsockets or other Local Area Network (LAN) interfaces, etc. In otherimplementations, the user devices 106 and supervisor devices 110 neednot be used at the same location 107, but may be used in remotegeographic locations in which each user device 106 and supervisor device110 may use security features and/or specialized hardware (e.g.,hardware-accelerated SSL and HTTPS, WS-Security, firewalls, etc.) tocommunicate with the content management server 102 and/or other remotelylocated user devices 106. Additionally, different user devices 106 andsupervisor devices 110 may be assigned different designated roles, suchas presenter devices, teacher devices, administrator devices, or thelike, and in such cases the different devices may be provided withadditional hardware and/or software components to provide content andsupport user capabilities not available to the other devices.

The content distribution network 100 also may include a privacy server108 that maintains private user information at the privacy server 108while using applications or services hosted on other servers. Forexample, the privacy server 108 may be used to maintain private data ofa user within one jurisdiction even though the user is accessing anapplication hosted on a server (e.g., the content management server 102)located outside the jurisdiction. In such cases, the privacy server 108may intercept communications between a user device 106 or supervisordevice 110 and other devices that include private user information. Theprivacy server 108 may create a token or identifier that does notdisclose the private information and may use the token or identifierwhen communicating with the other servers and systems, instead of usingthe user's private information.

As illustrated in FIG. 1, the content management server 102 may be incommunication with one or more additional servers, such as a contentserver 112, a user data server 112, and/or an administrator server 116.Each of these servers may include some or all of the same physical andlogical components as the content management server(s) 102, and in somecases, the hardware and software components of these servers 112-116 maybe incorporated into the content management server(s) 102, rather thanbeing implemented as separate computer servers.

Content server 112 may include hardware and software components togenerate, store, and maintain the content resources for distribution touser devices 106 and other devices in the network 100. For example, incontent distribution networks 100 used for professional training andeducational purposes, content server 112 may include data stores oftraining materials, presentations, plans, syllabi, reviews, evaluations,interactive programs and simulations, course models, course outlines,and various training interfaces that correspond to different materialsand/or different types of user devices 106. In content distributionnetworks 100 used for media distribution, interactive gaming, and thelike, a content server 112 may include media content files such asmusic, movies, television programming, games, and advertisements.

User data server 114 may include hardware and software components thatstore and process data for multiple users relating to each user'sactivities and usage of the content distribution network 100. Forexample, the content management server 102 may record and track eachuser's system usage, including his or her user device 106, contentresources accessed, and interactions with other user devices 106. Thisdata may be stored and processed by the user data server 114, to supportuser tracking and analysis features. For instance, in the professionaltraining and educational contexts, the user data server 114 may storeand analyze each user's training materials viewed, presentationsattended, courses completed, interactions, evaluation results, and thelike. The user data server 114 may also include a repository foruser-generated material, such as evaluations and tests completed byusers, and documents and assignments prepared by users. In the contextof media distribution and interactive gaming, the user data server 114may store and process resource access data for multiple users (e.g.,content titles accessed, access times, data usage amounts, gaminghistories, user devices and device types, etc.).

Administrator server 116 may include hardware and software components toinitiate various administrative functions at the content managementserver 102 and other components within the content distribution network100. For example, the administrator server 116 may monitor device statusand performance for the various servers, data stores, and/or userdevices 106 in the content distribution network 100. When necessary, theadministrator server 116 may add or remove devices from the network 100,and perform device maintenance such as providing software updates to thedevices in the network 100. Various administrative tools on theadministrator server 116 may allow authorized users to set user accesspermissions to various content resources, monitor resource usage byusers and devices 106, and perform analyses and generate reports onspecific network users and/or devices (e.g., resource usage trackingreports, training evaluations, etc.).

The content distribution network 100 may include one or morecommunication networks 120. Although only a single network 120 isidentified in FIG. 1, the content distribution network 100 may includeany number of different communication networks between any of thecomputer servers and devices shown in FIG. 1 and/or other devicesdescribed herein. Communication networks 120 may enable communicationbetween the various computing devices, servers, and other components ofthe content distribution network 100. As discussed below, variousimplementations of content distribution networks 100 may employdifferent types of networks 120, for example, computer networks,telecommunications networks, wireless networks, and/or any combinationof these and/or other networks.

The content distribution network 100 may include one or severalnavigation systems or features including, for example, the GlobalPositioning System (“GPS”), GALILEO, or the like, or location systems orfeatures including, for example, one or several transceivers that candetermine location of the one or several components of the contentdistribution network 100 via, for example, triangulation. All of theseare depicted as navigation system 122.

In some embodiments, navigation system 122 can include one or severalfeatures that can communicate with one or several components of thecontent distribution network 100 including, for example, with one orseveral of the user devices 106 and/or with one or several of thesupervisor devices 110. In some embodiments, this communication caninclude the transmission of a signal from the navigation system 122which signal is received by one or several components of the contentdistribution network 100 and can be used to determine the location ofthe one or several components of the content distribution network 100.

With reference to FIG. 2, an illustrative distributed computingenvironment 200 is shown including a computer server 202, four clientcomputing devices 206, and other components that may implement certainembodiments and features described herein. In some embodiments, theserver 202 may correspond to the content management server 102 discussedabove in FIG. 1, and the client computing devices 206 may correspond tothe user devices 106. However, the computing environment 200 illustratedin FIG. 2 may correspond to any other combination of devices and serversconfigured to implement a client-server model or other distributedcomputing architecture.

Client devices 206 may be configured to receive and execute clientapplications over one or more networks 220. Such client applications maybe web browser-based applications and/or standalone softwareapplications, such as mobile device applications. Server 202 may becommunicatively coupled with the client devices 206 via one or morecommunication networks 220. Client devices 206 may receive clientapplications from server 202 or from other application providers (e.g.,public or private application stores). Server 202 may be configured torun one or more server software applications or services, for example,web-based or cloud-based services, to support content distribution andinteraction with client devices 206. Users operating client devices 206may in turn utilize one or more client applications (e.g., virtualclient applications) to interact with server 202 to utilize the servicesprovided by these components.

Various different subsystems and/or components 204 may be implemented onserver 202. Users operating the client devices 206 may initiate one ormore client applications to use services provided by these subsystemsand components. The subsystems and components within the server 202 andclient devices 206 may be implemented in hardware, firmware, software,or combinations thereof. Various different system configurations arepossible in different distributed computing systems 200 and contentdistribution networks 100. The embodiment shown in FIG. 2 is thus oneexample of a distributed computing system and is not intended to belimiting.

Although exemplary computing environment 200 is shown with four clientcomputing devices 206, any number of client computing devices may besupported. Other devices, such as specialized sensor devices, etc., mayinteract with client devices 206 and/or server 202.

As shown in FIG. 2, various security and integration components 208 maybe used to send and manage communications between the server 202 anduser devices 206 over one or more communication networks 220. Thesecurity and integration components 208 may include separate servers,such as web servers and/or authentication servers, and/or specializednetworking components, such as firewalls, routers, gateways, loadbalancers, and the like. In some cases, the security and integrationcomponents 208 may correspond to a set of dedicated hardware and/orsoftware operating at the same physical location and under the controlof same entities as server 202. For example, components 208 may includeone or more dedicated web servers and network hardware in a datacenteror a cloud infrastructure. In other examples, the security andintegration components 208 may correspond to separate hardware andsoftware components which may be operated at a separate physicallocation and/or by a separate entity.

Security and integration components 208 may implement various securityfeatures for data transmission and storage, such as authenticating usersand restricting access to unknown or unauthorized users. In variousimplementations, security and integration components 208 may provide,for example, a file-based integration scheme or a service-basedintegration scheme for transmitting data between the various devices inthe content distribution network 100. Security and integrationcomponents 208 also may use secure data transmission protocols and/orencryption for data transfers, for example, File Transfer Protocol(FTP), Secure File Transfer Protocol (SFTP), and/or Pretty Good Privacy(PGP) encryption.

In some embodiments, one or more web services may be implemented withinthe security and integration components 208 and/or elsewhere within thecontent distribution network 100. Such web services, includingcross-domain and/or cross-platform web services, may be developed forenterprise use in accordance with various web service standards, such asRESTful web services (i.e., services based on the Representation StateTransfer (REST) architectural style and constraints), and/or webservices designed in accordance with the Web Service Interoperability(WS-I) guidelines. Some web services may use the Secure Sockets Layer(SSL) or Transport Layer Security (TLS) protocol to provide secureconnections between the server 202 and user devices 206. SSL or TLS mayuse HTTP or HTTPS to provide authentication and confidentiality. Inother examples, web services may be implemented using REST over HTTPSwith the OAuth open standard for authentication, or using theWS-Security standard which provides for secure SOAP messages using XMLencryption. In other examples, the security and integration components208 may include specialized hardware for providing secure web services.For example, security and integration components 208 may include securenetwork appliances having built-in features such as hardware-acceleratedSSL and HTTPS, WS-Security, and firewalls. Such specialized hardware maybe installed and configured in front of any web servers, so that anyexternal devices may communicate directly with the specialized hardware.

Communication network(s) 220 may be any type of network familiar tothose skilled in the art that can support data communications using anyof a variety of commercially-available protocols, including withoutlimitation, TCP/IP (transmission control protocol/Internet protocol),SNA (systems network architecture), IPX (Internet packet exchange),Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocols,Hyper Text Transfer Protocol (HTTP) and Secure Hyper Text TransferProtocol (HTTPS), Bluetooth®, Near Field Communication (NFC), and thelike. Merely by way of example, network(s) 220 may be local areanetworks (LAN), such as one based on Ethernet, Token-Ring and/or thelike. Network(s) 220 also may be wide-area networks, such as theInternet. Networks 220 may include telecommunication networks such aspublic switched telephone networks (PSTNs), or virtual networks such asan intranet or an extranet. Infrared and wireless networks (e.g., usingthe Institute of Electrical and Electronics (IEEE) 802.11 protocol suiteor other wireless protocols) also may be included in networks 220.

Computing environment 200 also may include one or more data stores 210and/or back-end servers 212. In certain examples, the data stores 210may correspond to data store server(s) 104 discussed above in FIG. 1,and back-end servers 212 may correspond to the various back-end servers112-116. Data stores 210 and servers 212 may reside in the samedatacenter or may operate at a remote location from server 202. In somecases, one or more data stores 210 may reside on a non-transitorystorage medium within the server 202. Other data stores 210 and back-endservers 212 may be remote from server 202 and configured to communicatewith server 202 via one or more networks 220. In certain embodiments,data stores 210 and back-end servers 212 may reside in a storage-areanetwork (SAN), or may use storage-as-a-service (STaaS) architecturalmodel.

With reference to FIG. 3, an illustrative set of data stores and/or datastore servers is shown, corresponding to the data store servers 104 ofthe content distribution network 100 discussed above in FIG. 1. One ormore individual data stores 301-314 may reside in storage on a singlecomputer server 104 (or a single server farm or cluster) under thecontrol of a single entity, or may reside on separate servers operatedby different entities and/or at remote locations. In some embodiments,data stores 301-314 may be accessed by the content management server 102and/or other devices and servers within the network 100 (e.g., userdevices 106, supervisor devices 110, administrator servers 116, etc.).Access to one or more of the data stores 301-314 may be limited ordenied based on the processes, user credentials, and/or devicesattempting to interact with the data store.

The paragraphs below describe examples of specific data stores that maybe implemented within some embodiments of a content distribution network100. It should be understood that the below descriptions of data stores301-314, including their functionality and types of data stored therein,are illustrative and non-limiting. Data stores server architecture,design, and the execution of specific data stores 301-314 may depend onthe context, size, and functional requirements of a content distributionnetwork 100. For example, in content distribution systems 100 used forprofessional training and educational purposes, separate databases orfile-based storage systems may be implemented in data store server(s)104 to store trainee and/or student data, trainer and/or professor data,training module data and content descriptions, training results,evaluation data, and the like. In contrast, in content distributionsystems 100 used for media distribution from content providers tosubscribers, separate data stores may be implemented in data storesserver(s) 104 to store listings of available content titles anddescriptions, content title usage statistics, subscriber profiles,account data, payment data, network usage statistics, etc.

A user profile data store 301, also referred to herein as a user profiledatabase 301, may include information, also referred to herein as usermetadata, relating to the end users within the content distributionnetwork 100. This information may include user characteristics such asthe user names, access credentials (e.g., logins and passwords), userpreferences, and information relating to any previous user interactionswithin the content distribution network 100 (e.g., requested content,posted content, content modules completed, training scores orevaluations, other associated users, etc.). In some embodiments, thisinformation can relate to one or several individual end users such as,for example, one or several students, teachers, administrators, or thelike, and in some embodiments, this information can relate to one orseveral institutional end users such as, for example, one or severalschools, groups of schools such as one or several school districts, oneor several colleges, one or several universities, one or severaltraining providers, or the like. In some embodiments, this informationcan identify one or several user memberships in one or several groupssuch as, for example, a student's membership in a university, school,program, grade, course, class, or the like.

In some embodiments, the user profile database 301 can includeinformation, such as a risk status, relating to a user's risk level.This risk information can characterize a degree of user risk; a userrisk categorization such as, for example, high risk, intermediate risk,and/or low risk; sources of user risk, or the like. In some embodiments,this risk information can be associated with one or severalinterventions or remedial actions to address the user risk.

The user profile database 301 can include user metadata relating to auser's status, location, or the like. This information can identify, forexample, a device a user is using, the location of that device, or thelike. In some embodiments, this information can be generated based onany location detection technology including, for example, a navigationsystem 122, or the like. The user profile database 301 can include usermetadata identifying communication information associated with usersidentified in the user profile database 301. This information can, forexample, identify one or several devices used or controlled by theusers, user telephone numbers, user email addresses, communicationpreferences, or the like.

Information relating to the user's status can identify, for example,logged-in status information that can indicate whether the user ispresently logged-in to the content distribution network 100 and/orwhether the log-in-is active. In some embodiments, the informationrelating to the user's status can identify whether the user is currentlyaccessing content and/or participating in an activity from the contentdistribution network 100.

In some embodiments, information relating to the user's status canidentify, for example, one or several attributes of the user'sinteraction with the content distribution network 100, and/or contentdistributed by the content distribution network 100. This can includedata identifying the user's interactions with the content distributionnetwork 100, the content consumed by the user through the contentdistribution network 100, or the like. In some embodiments, this caninclude data identifying the type of information accessed through thecontent distribution network 100 and/or the type of activity performedby the user via the content distribution network 100, the lapsed timesince the last time the user accessed content and/or participated in anactivity from the content distribution network 100, or the like. In someembodiments, this information can relate to a content program comprisingan aggregate of data, content, and/or activities, and can identify, forexample, progress through the content program, or through the aggregateof data, content, and/or activities forming the content program. In someembodiments, this information can track, for example, the amount of timesince participation in and/or completion of one or several types ofactivities, the amount of time since communication with one or severalsupervisors and/or supervisor devices 110, or the like.

In some embodiments in which the one or several end users areindividuals, and specifically are students, the user profile database301 can further include user metadata relating to these students'academic and/or educational history. This information can identify oneor several courses of study that the student has initiated, completed,and/or partially completed, as well as grades received in those coursesof study. In some embodiments, the student's academic and/or educationalhistory can further include information identifying student performanceon one or several tests, quizzes, and/or assignments. In someembodiments, this information can be stored in a tier of memory that isnot the fastest memory in the content delivery network 100.

The user profile database 301 can include user metadata relating to oneor several student learning preferences. In some embodiments, forexample, the user, also referred to herein as the student or thestudent-user may have one or several preferred learning styles, one orseveral most effective learning styles, and/or the like. In someembodiments, the student's learning style can be any learning styledescribing how the student best learns or how the student prefers tolearn. In one embodiment, these learning styles can include, forexample, identification of the student as an auditory learner, as avisual learner, and/or as a tactile learner. In some embodiments, thedata identifying one or several student learning styles can include dataidentifying a learning style based on the student's educational historysuch as, for example, identifying a student as an auditory learner whenthe student has received significantly higher grades and/or scores onassignments and/or in courses favorable to auditory learners. In someembodiments, this information can be stored in a tier of memory that isnot the fastest memory in the content delivery network 100.

In some embodiments, the user profile data store 301 can further includeuser metadata identifying one or several user skill levels. In someembodiments, these one or several user skill levels can identify a skilllevel determined based on past performance by the user interacting withthe content delivery network 100, and in some embodiments, these one orseveral user skill levels can identify a predicted skill leveldetermined based on past performance by the user interacting with thecontent delivery network 100 and one or several predictive models.

The user profile database 301 can further include user metadata relatingto one or several teachers and/or instructors who are responsible fororganizing, presenting, and/or managing the presentation of informationto the student. In some embodiments, user profile database 301 caninclude information identifying courses and/or subjects that have beentaught by the teacher, data identifying courses and/or subjectscurrently taught by the teacher, and/or data identifying courses and/orsubjects that will be taught by the teacher. In some embodiments, thiscan include information relating to one or several teaching styles ofone or several teachers. In some embodiments, the user profile database301 can further include information indicating past evaluations and/orevaluation reports received by the teacher. In some embodiments, theuser profile database 301 can further include information relating toimprovement suggestions received by the teacher, training received bythe teacher, continuing education received by the teacher, and/or thelike. In some embodiments, this information can be stored in a tier ofmemory that is not the fastest memory in the content delivery network100.

An accounts data store 302, also referred to herein as an accountsdatabase 302, may generate and store account data for different users invarious roles within the content distribution network 100. For example,accounts may be created in an accounts data store 302 for individual endusers, supervisors, administrator users, and entities such as companiesor educational institutions. Account data may include account types,current account status, account characteristics, and any parameters,limits, restrictions associated with the accounts.

A content library data store 303, also referred to herein as a contentlibrary database 303, may include information describing the individualcontent items (or content resources or data packets) available via thecontent distribution network 100. In some embodiments, these datapackets in the content library database 303 can be linked to form anobject network. In some embodiments, these data packets can be linked inthe object network according to one or several sequential relationshipwhich can be, in some embodiments, prerequisite relationships that can,for example, identify the relative hierarchy and/or difficulty of thedata objects. In some embodiments, this hierarchy of data objects can begenerated by the content distribution network 100 according to userexperience with the object network, and in some embodiments, thishierarchy of data objects can be generated based on one or severalexisting and/or external hierarchies such as, for example, a syllabus, atable of contents, or the like. In some embodiments, for example, theobject network can correspond to a syllabus such that content for thesyllabus is embodied in the object network.

In some embodiments, the content library data store 303 can comprise asyllabus, a schedule, or the like. In some embodiments, the syllabus orschedule can identify one or several tasks and/or events relevant to theuser. In some embodiments, for example, when the user is a member of agroup such as a section or a class, these tasks and/or events relevantto the user can identify one or several assignments, quizzes, exams, orthe like.

In some embodiments, the library data store 303 may include metadata,properties, and other characteristics associated with the contentresources stored in the content server 112. Such data may identify oneor more aspects or content attributes of the associated contentresources, for example, subject matter, access level, or skill level ofthe content resources, license attributes of the content resources(e.g., any limitations and/or restrictions on the licensable use and/ordistribution of the content resource), price attributes of the contentresources (e.g., a price and/or price structure for determining apayment amount for use or distribution of the content resource), ratingattributes for the content resources (e.g., data indicating theevaluation or effectiveness of the content resource), and the like. Insome embodiments, the library data store 303 may be configured to allowupdating of content metadata or properties, and to allow the additionand/or removal of information relating to the content resources. Forexample, content relationships may be implemented as graph structures,which may be stored in the library data store 303 or in an additionalstore for use by selection algorithms along with the other metadata.

In some embodiments, the content library data store 303 can containinformation used in evaluating responses received from users. In someembodiments, for example, a user can receive content from the contentdistribution network 100 and can, subsequent to receiving that content,provide a response to the received content. In some embodiments, forexample, the received content can comprise one or several questions,prompts, or the like, and the response to the received content cancomprise an answer to those one or several questions, prompts, or thelike. In some embodiments, information, referred to herein as“comparative data,” from the content library data store 303 can be usedto determine whether the responses are the correct and/or desiredresponses.

In some embodiments, the content library database 303 and/or the userprofile database 301 can comprise an aggregation network, also referredto herein as a content network or content aggregation network. Theaggregation network can comprise a plurality of content aggregationsthat can be linked together by, for example: creation by common user;relation to a common subject, topic, skill, or the like; creation from acommon set of source material such as source data packets; or the like.In some embodiments, the content aggregation can comprise a grouping ofcontent comprising the presentation portion that can be provided to theuser in the form of, for example, a flash card and an extraction portionthat can comprise the desired response to the presentation portion suchas for example, an answer to a flash card. In some embodiments, one orseveral content aggregations can be generated by the contentdistribution network 100 and can be related to one or several datapackets that can be, for example, organized in object network. In someembodiments, the one or several content aggregations can be each createdfrom content stored in one or several of the data packets.

In some embodiments, the content aggregations located in the contentlibrary database 303 and/or the user profile database 301 can beassociated with a user-creator of those content aggregations. In someembodiments, access to content aggregations can vary based on, forexample, whether a user created the content aggregations. In someembodiments, the content library database 303 and/or the user profiledatabase 301 can comprise a database of content aggregations associatedwith a specific user, and in some embodiments, the content librarydatabase 303 and/or the user profile database 301 can comprise aplurality of databases of content aggregations that are each associatedwith a specific user. In some embodiments, these databases of contentaggregations can include content aggregations created by their specificuser and, in some embodiments, these databases of content aggregationscan further include content aggregations selected for inclusion by theirspecific user and/or a supervisor of that specific user. In someembodiments, these content aggregations can be arranged and/or linked ina hierarchical relationship similar to the data packets in the objectnetwork and/or linked to the object network in the object network or thetasks or skills associated with the data packets in the object networkor the syllabus or schedule.

In some embodiments, the content aggregation network, and the contentaggregations forming the content aggregation network can be organizedaccording to the object network and/or the hierarchical relationshipsembodied in the object network. In some embodiments, the contentaggregation network, and/or the content aggregations forming the contentaggregation network can be organized according to one or several tasksidentified in the syllabus, schedule or the like.

A pricing data store 304 may include pricing information and/or pricingstructures for determining payment amounts for providing access to thecontent distribution network 100 and/or the individual content resourceswithin the network 100. In some cases, pricing may be determined basedon a user's access to the content distribution network 100, for example,a time-based subscription fee, or pricing based on network usage. Inother cases, pricing may be tied to specific content resources. Certaincontent resources may have associated pricing information, whereas otherpricing determinations may be based on the resources accessed, theprofiles and/or accounts of the user, and the desired level of access(e.g., duration of access, network speed, etc.). Additionally, thepricing data store 304 may include information relating to compilationpricing for groups of content resources, such as group prices and/orprice structures for groupings of resources.

A license data store 305 may include information relating to licensesand/or licensing of the content resources within the contentdistribution network 100. For example, the license data store 305 mayidentify licenses and licensing terms for individual content resourcesand/or compilations of content resources in the content server 112, therights holders for the content resources, and/or common or large-scaleright holder information such as contact information for rights holdersof content not included in the content server 112.

A content access data store 306 may include access rights and securityinformation for the content distribution network 100 and specificcontent resources. For example, the content access data store 306 mayinclude login information (e.g., user identifiers, logins, passwords,etc.) that can be verified during user login attempts to the network100. The content access data store 306 also may be used to storeassigned user roles and/or user levels of access. For example, a user'saccess level may correspond to the sets of content resources and/or theclient or server applications that the user is permitted to access.Certain users may be permitted or denied access to certain applicationsand resources based on their subscription level, training program,course/grade level, etc. Certain users may have supervisory access overone or more end users, allowing the supervisor to access all or portionsof the end user's content, activities, evaluations, etc. Additionally,certain users may have administrative access over some users and/or someapplications in the content management network 100, allowing such usersto add and remove user accounts, modify user access permissions, performmaintenance updates on software and servers, etc.

A source data store 307 may include information relating to the sourceof the content resources available via the content distribution network.For example, a source data store 307 may identify the authors andoriginating devices of content resources, previous pieces of data and/orgroups of data originating from the same authors or originating devices,and the like.

An evaluation data store 308 may include information used to direct theevaluation of users and content resources in the content managementnetwork 100. In some embodiments, the evaluation data store 308 maycontain, for example, the analysis criteria and the analysis guidelinesfor evaluating users (e.g., trainees/students, gaming users, mediacontent consumers, etc.) and/or for evaluating the content resources inthe network 100. The evaluation data store 308 also may includeinformation relating to evaluation processing tasks, for example, theidentification of users and user devices 106 that have received certaincontent resources or accessed certain applications, the status ofevaluations or evaluation histories for content resources, users, orapplications, and the like. Evaluation criteria may be stored in theevaluation data store 308 including data and/or instructions in the formof one or several electronic rubrics or scoring guides for use in theevaluation of the content, users, or applications. The evaluation datastore 308 also may include past evaluations and/or evaluation analysesfor users, content, and applications, including relative rankings,characterizations, explanations, and the like.

A model data store 309, also referred to herein as a model database 309,can store information relating to one or several machine-learningalgorithms, classifiers, predictive models which predictive models canbe, for example, statistical models and/or the like. In someembodiments, the machine-learning algorithms or processes can includeone or several classifiers such as a linear classifier. Themachine-learning algorithm can include at least one of: a Random Forrestalgorithm; an Artificial Neural Network; an AdaBoost algorithm; a NaïveBayes algorithm; Boosting Tree, and a Support Vector Machine.

In some embodiments these machine-learning algorithms and/or models caninclude one or several evidence models, risk models, skill models, orthe like. In some embodiments, an evidence model can be amathematically-based statistical model. The evidence model can be basedon, for example, Item Response Theory (IRT), Bayesian Network (Bayesnet), Performance Factor Analysis (PFA), or the like. The evidence modelcan, in some embodiments, be customizable to a user and/or to one orseveral content items. Specifically, one or several inputs relating tothe user and/or to one or several content items can be inserted into theevidence model. These inputs can include, for example, one or severalmeasures of user skill level, one or several measures of content itemdifficulty and/or skill level, or the like. The customized evidencemodel can then be used to predict the likelihood of the user providingdesired or undesired responses to one or several of the content items.

In some embodiments, the risk models can include one or several modelsthat can be used to calculate one or several model function values. Insome embodiments, these one or several model function values can be usedto calculate a risk probability, which risk probability can characterizethe risk of a user such as a student-user failing to achieve a desiredoutcome such as, for example, failing to correctly respond to one orseveral data packets, failure to achieve a desired level of completionof a program, for example in a pre-defined time period, failure toachieve a desired learning outcome, or the like. In some embodiments,the risk probability can identify the risk of the student-user failingto complete 60% of the program.

In some embodiments, these models can include a plurality of modelfunctions including, for example, a first model function, a second modelfunction, a third model function, and a fourth model function. In someembodiments, some or all of the model functions can be associated with aportion of the program such as, for example, a completion stage and/orcompletion status of the program. In one embodiment, for example, thefirst model function can be associated with a first completion status,the second model function can be associated with a second completionstatus, the third model function can be associated with a thirdcompletion status, and the fourth model function can be associated witha fourth completion status. In some embodiments, these completionstatuses can be selected such that some or all of these completionstatuses are less than the desired level of completion of the program.Specifically, in some embodiments, these completion statuses can beselected to all be at less than 60% completion of the program, and morespecifically, in some embodiments, the first completion status can be at20% completion of the program, the second completion status can be at30% completion of the program, the third completion status can be at 40%completion of the program, and the fourth completion status can be at50% completion of the program. Similarly, any desired number of modelfunctions can be associated with any desired number of completionstatuses.

In some embodiments, a model function can be selected from the pluralityof model functions based on a student-user's progress through a program.In some embodiments, the student-user's progress can be compared to oneor several status trigger thresholds, each of which status triggerthresholds can be associated with one or more of the model functions. Ifone of the status triggers is triggered by the student-user's progress,the corresponding one or several model functions can be selected.

The model functions can comprise a variety of types of models and/orfunctions. In some embodiments, each of the model functions outputs afunction value that can be used in calculating a risk probability. Thisfunction value can be calculated by performing one or severalmathematical operations on one or several values indicative of one orseveral user attributes and/or user parameters, also referred to hereinas program status parameters. In some embodiments, each of the modelfunctions can use the same program status parameters, and in someembodiments, the model functions can use different program statusparameters. In some embodiments, the model functions use differentprogram status parameters when at least one of the model functions usesat least one program status parameter that is not used by others of themodel functions.

In some embodiments, a skill model can comprise a statistical modelidentifying a predictive skill level of one or several students. In someembodiments, this model can identify a single skill level of a studentand/or a range of possible skill levels of a student. In someembodiments, this statistical model can identify a skill level of astudent-user and an error value or error range associated with thatskill level. In some embodiments, the error value can be associated witha confidence interval determined based on a confidence level. Thus, insome embodiments, as the number of student interactions with the contentdistribution network increases, the confidence level can increase andthe error value can decrease such that the range identified by the errorvalue about the predicted skill level is smaller.

In some embodiments, the model database 310 can include a plurality oflearning algorithms, classifiers, and/or models and can includeinformation identifying features used by the plurality of learningalgorithms, classifiers, and/or models in generating one or severalpredictions such as, for example, a risk prediction. In someembodiments, for example, some or all of the plurality of learningalgorithms, classifiers, and/or models can use different features ingenerating one or several predictions. These features can be identifiedin the model database 310 in association with the plurality of learningalgorithms, classifiers, and/or models. In some embodiments, the modeldatabase 310 can further include information identifying a format and/orform for the features to be in to allow inputting into the associatedone or several of the plurality of learning algorithms, classifiers,and/or models

A threshold database 310, also referred to herein as a thresholddatabase, can store one or several threshold values. These one orseveral threshold values can delineate between states or conditions. Inone exemplary embodiment, for example, a threshold value can delineatebetween an acceptable user performance and an unacceptable userperformance, between content appropriate for a user and content that isinappropriate for a user, between risk levels, or the like.

A training data source 311, also referred to herein as a trainingdatabase 311 can include training data used in training one or severalof the plurality of learning algorithms, classifiers, and/or models.This can include, for example, one or several sets of training dataand/or one or several sets of test data.

A event data source 312, also referred to herein as a fact database 312or a feature database 312 can include information identifying one orseveral interactions between the user and the content distributionnetwork 100 and any features, including first-level features orsecond-level features, generated therefrom. In some embodiments, theevent data source 312 can include instructions and/or computer code thatwhen executed causes the generation of one or several features includingone or several first-level features and/or one or several second-levelfeatures. The event database 312 can be organized into a plurality ofsub-databases. In some embodiments, these can include an interactionsub-database that can include interactions between one or several usersand the CDN 100. In some embodiments, this interaction sub-database caninclude divisions such that each user's interactions with the CDN 100are distinctly stored within the interaction sub-database. The eventdatabase 312 can include a generated feature sub-database, which caninclude a generated first-level feature sub-database and/or a generatedsecond-level feature sub-database.

The event database 312 can further include a feature creationsub-database, which can include instructions for the creation of one orseveral features. These one or several features can include, forexample, a Hurst coefficient; average correct on first try percent; anaverage score which can include an average homework score and/or anaverage test score; an average part score; a number of attempted parts;an average number of attempted parts; an average number of attempts perpart; and an aggregation parameter such as, for example, one or severalcourse level aggregations. In some embodiments, these features can becalculated with data collected within a window, which window can be atemporally bounded window, or a window bounded by a number of receivedresponse. In such an embodiment, for example, the window can be asliding window, also referred to herein as a sliding temporal windowthat can include information relating to some or all of one or severalusers' interaction with the CDN 100 during a designated time period suchas, for example, a 1 week time period, a ten day time period, a two weektime period, a three week time period, a four week time period, a sixweek time period, a twelve week time period, or any other orintermediate period of time.

In some embodiments, the Hurst coefficient can be a measure ofinstability in responses received from a user, and specifically ameasure of randomness in correct/incorrect responses to one or severalquestions. The Hurst coefficient can be calculated across a window ofdata, which window can be limited to a specified time period and/or to aspecified number of response.

The average correct on first try percent (CFT %) can be a valueindicating the average percent of questions to which the student-usersubmitted a correct response on a first try. The CFT % can be anindicator of changes to correctness stability. In some embodiments, thisfeature can be updated with each additional response received from thestudent-user. In some embodiments, the average correct on first trypercent can be calculated by dividing the number of response that werecorrect on the first try by the number of questions for which responseswere received. In some embodiments, the CFT % can be stored as apercent, or as a normalized value between 0 and 1.

The average score which can include an average homework score and/or anaverage test score can be the average score received by the user on, forexample, homework and/or tests within the window. The average part scorecan identify the average score received by the user on different problemparts. In some embodiments, for example, a problem can include multipleparts, each of which can be independent evaluated. The average partscore can be, for example, the average number of points received for aproblem part and/or a percent indicating the average percent of pointsreceived per problem part. In some embodiments, the number of attemptedparts can be a count of the number of total attempted parts ofquestions, and the average number of attempted parts can be the averagenumber of attempted parts per question. In some embodiments, the averagenumber of attempts per part can be the average number of attempts foreach problem part before the user quits further attempts or correctlyresponds to the problem part. In some embodiments, the aggregationparameter can include a course level average such as, for example, anaverage percent correct across all students within a course, and theaggregation parameter can include one or several course levelaggregations which can be a delta value indicating the differencebetween a feature calculated for an individual and a similar featurecalculated for the course.

A customization data store 313 can include information relating to oneor several customizations. The customization database 313 can containone or several configuration profiles that can identify one or severaluser attributes and a customization associated with each of those one orseveral user attributes. In some embodiments, the customizationidentifies a sub-set of potential features for use in generating a riskprediction, and thus can specify a change to features used in generatinga risk prediction. The customization database 313 can includecustomizations specific to a single user or to a group of users sharinga common attribute. In some embodiments, the customizations within thecustomization database 313 can modify the machine-learning algorithmused in generating a risk prediction. In some embodiments this caninclude selecting a specific one or several machine-learning algorithmsor classifiers that is associated with a unique set of featuresspecified by the customization. In some embodiments, the identificationof a customization for use in generating a risk prediction is determinedaccording to a portion of metadata that is non-unique to a user and isunique to a set of users sharing at least one common attribute.

In addition to the illustrative data stores described above, data storeserver(s) 104 (e.g., database servers, file-based storage servers, etc.)may include one or more external data aggregators 314. External dataaggregators 314 may include third-party data sources accessible to thecontent management network 100, but not maintained by the contentmanagement network 100. External data aggregators 314 may include anyelectronic information source relating to the users, content resources,or applications of the content distribution network 100. For example,external data aggregators 314 may be third-party data stores containingdemographic data, education-related data, consumer sales data,health-related data, and the like. Illustrative external dataaggregators 314 may include, for example, social networking web servers,public records data stores, learning management systems, educationalinstitution servers, business servers, consumer sales data stores,medical record data stores, etc. Data retrieved from various externaldata aggregators 314 may be used to verify and update user accountinformation, suggest user content, and perform user and contentevaluations.

With reference now to FIG. 4, a block diagram is shown illustrating anembodiment of one or more content management servers 102 within acontent distribution network 100. In such an embodiment, contentmanagement server 102 performs internal data gathering and processing ofstreamed content along with external data gathering and processing.Other embodiments could have either all external or all internal datagathering. This embodiment allows reporting timely information thatmight be of interest to the reporting party or other parties. In thisembodiment, the content management server 102 can monitor gatheredinformation from several sources to allow it to make timely businessand/or processing decisions based upon that information. For example,reports of user actions and/or responses, as well as the status and/orresults of one or several processing tasks could be gathered andreported to the content management server 102 from a number of sources.

Internally, the content management server 102 gathers information fromone or more internal components 402-408. The internal components 402-408gather and/or process information relating to such things as: contentprovided to users; content consumed by users; responses provided byusers; user skill levels; content difficulty levels; next content forproviding to users; etc. The internal components 402-408 can report thegathered and/or generated information in real-time, near real-time oralong another time line. To account for any delay in reportinginformation, a time stamp or staleness indicator can inform others ofhow timely the information was sampled. The content management server102 can opt to allow third parties to use internally or externallygathered information that is aggregated within the server 102 bysubscription to the content distribution network 100.

A command and control (CC) interface 338 configures the gathered inputinformation to an output of data streams, also referred to herein ascontent streams. APIs for accepting gathered information and providingdata streams are provided to third parties external to the server 102who want to subscribe to data streams. The server 102 or a third partycan design as yet undefined APIs using the CC interface 338. The server102 can also define authorization and authentication parameters usingthe CC interface 338 such as authentication, authorization, login,and/or data encryption. CC information is passed to the internalcomponents 402-408 and/or other components of the content distributionnetwork 100 through a channel separate from the gathered information ordata stream in this embodiment, but other embodiments could embed CCinformation in these communication channels. The CC information allowsthrottling information reporting frequency, specifying formats forinformation and data streams, deactivation of one or several internalcomponents 402-408 and/or other components of the content distributionnetwork 100, updating authentication and authorization, etc.

The various data streams that are available can be researched andexplored through the CC interface 338. Those data stream selections fora particular subscriber, which can be one or several of the internalcomponents 402-408 and/or other components of the content distributionnetwork 100, are stored in the queue subscription information database322. The server 102 and/or the CC interface 338 then routes selecteddata streams to processing subscribers that have selected delivery of agiven data stream. Additionally, the server 102 also supports historicalqueries of the various data streams that are stored in an historicaldata store 334 as gathered by an archive data agent 336. Through the CCinterface 238 various data streams can be selected for archiving intothe historical data store 334.

Components of the content distribution network 100 outside of the server102 can also gather information that is reported to the server 102 inreal-time, near real-time or along another time line. There is a definedAPI between those components and the server 102. Each type ofinformation or variable collected by server 102 falls within a definedAPI or multiple APIs. In some cases, the CC interface 338 is used todefine additional variables to modify an API that might be of use toprocessing subscribers. The additional variables can be passed to allprocessing subscribes or just a subset. For example, a component of thecontent distribution network 100 outside of the server 102 may report auser response but define an identifier of that user as a privatevariable that would not be passed to processing subscribers lackingaccess to that user and/or authorization to receive that user data.Processing subscribers having access to that user and/or authorizationto receive that user data would receive the subscriber identifier alongwith response reported that component. Encryption and/or uniqueaddressing of data streams or sub-streams can be used to hide theprivate variables within the messaging queues.

The user devices 106 and/or supervisor devices 110 communicate with theserver 102 through security and/or integration hardware 410. Thecommunication with security and/or integration hardware 410 can beencrypted or not. For example, a socket using a TCP connection could beused. In addition to TCP, other transport layer protocols like SCTP andUDP could be used in some embodiments to intake the gatheredinformation. A protocol such as SSL could be used to protect theinformation over the TCP connection. Authentication and authorizationcan be performed to any user devices 106 and/or supervisor deviceinterfacing to the server 102. The security and/or integration hardware410 receives the information from one or several of the user devices 106and/or the supervisor devices 110 by providing the API and anyencryption, authorization, and/or authentication. In some cases, thesecurity and/or integration hardware 410 reformats or rearranges thisreceived information.

The messaging bus 412, also referred to herein as a messaging queue or amessaging channel, can receive information from the internal componentsof the server 102 and/or components of the content distribution network100 outside of the server 102 and distribute the gathered information asa data stream to any processing subscribers that have requested the datastream from the messaging queue 412. As indicate in FIG. 4, processingsubscribers are indicated by a connector to the messaging bus 412, theconnector having an arrow head pointing away from the messaging bus 412.Only data streams within the messaging queue 412 that a particularprocessing subscriber has subscribed to may be read by that processingsubscriber if received at all. Gathered information sent to themessaging queue 412 is processed and returned in a data stream in afraction of a second by the messaging queue 412. Various multicastingand routing techniques can be used to distribute a data stream from themessaging queue 412 that a number of processing subscribers haverequested. Protocols such as Multicast or multiple Unicast could be usedto distribute streams within the messaging queue 412. Additionally,transport layer protocols like TCP, SCTP and UDP could be used invarious embodiments.

Through the CC interface 338, an external or internal processingsubscriber can be assigned one or more data streams within the messagingqueue 412. A data stream is a particular type of message in a particularcategory. For example, a data stream can comprise all of the datareported to the messaging bus 412 by a designated set of components. Oneor more processing subscribers could subscribe and receive the datastream to process the information and make a decision and/or feed theoutput from the processing as gathered information fed back into themessaging queue 412. Through the CC interface 338 a developer can searchthe available data streams or specify a new data stream and its API. Thenew data stream might be determined by processing a number of existingdata streams with a processing subscriber.

The CDN 110 has internal processing subscribers 402-408 that processassigned data streams to perform functions within the server 102.Internal processing subscribers 402-408 could perform functions such asproviding content to a user, receiving a response from a user,determining the correctness of the received response, updating one orseveral models based on the correctness of the response, recommendingnew content for providing to one or several users, or the like. Theinternal processing subscribers 402-408 can decide filtering andweighting of records from the data stream. To the extent that decisionsare made based upon analysis of the data stream, each data record istime stamped to reflect when the information was gathered such thatadditional credibility could be given to more recent results, forexample. Other embodiments may filter out records in the data streamthat are from an unreliable source or stale. For example, a particularcontributor of information may prove to have less than optimal gatheredinformation and that could be weighted very low or removed altogether.

Internal processing subscribers 402-408 may additionally process one ormore data streams to provide different information to feed back into themessaging queue 412 to be part of a different data stream. For example,hundreds of user devices 106 could provide responses that are put into adata stream on the messaging queue 412. An internal processingsubscriber 402-408 could receive the data stream and process it todetermine the difficulty of one or several data packets provided to oneor several users, and supply this information back onto the messagingqueue 412 for possible use by other internal and external processingsubscribers.

As mentioned above, the CC interface 338 allows the CDN 110 to queryhistorical messaging queue 412 information. An archive data agent 336listens to the messaging queue 412 to store data streams in a historicaldatabase 334. The historical database 334 may store data streams forvarying amounts of time and may not store all data streams. Differentdata streams may be stored for different amounts of time.

With regard to the components 402-48, the content management server(s)102 may include various server hardware and software components thatmanage the content resources within the content distribution network 100and provide interactive and adaptive content to users on various userdevices 106. For example, content management server(s) 102 may provideinstructions to and receive information from the other devices withinthe content distribution network 100, in order to manage and transmitcontent resources, user data, and server or client applicationsexecuting within the network 100.

A content management server 102 may include a packet selection system402. The packet selection system 402 may be implemented using dedicatedhardware within the content distribution network 100 (e.g., a packetselection server 402), or using designated hardware and softwareresources within a shared content management server 102. In someembodiments, the packet selection system 402 may adjust the selectionand adaptive capabilities of content resources to match the needs anddesires of the users receiving the content. For example, the packetselection system 402 may query various data stores and servers 104 toretrieve user information, such as user preferences and characteristics(e.g., from a user profile data store 301), user access restrictions tocontent recourses (e.g., from a content access data store 306), previoususer results and content evaluations (e.g., from an evaluation datastore 308), and the like. Based on the retrieved information from datastores 104 and other data sources, the packet selection system 402 maymodify content resources for individual users.

In some embodiments, the packet selection system 402 can include arecommendation engine, also referred to herein as an adaptiverecommendation engine. In some embodiments, the recommendation enginecan select one or several pieces of content, also referred to herein asdata packets, for providing to a user. These data packets can beselected based on, for example, the information retrieved from thedatabase server 104 including, for example, the user profile database301, the content library database 303, the model database 309, or thelike. In some embodiments, these one or several data packets can beadaptively selected and/or selected according to one or severalselection rules. In one embodiment, for example, the recommendationengine can retrieve information from the user profile database 301identifying, for example, a skill level of the user. The recommendationengine can further retrieve information from the content librarydatabase 303 identifying, for example, potential data packets forproviding to the user and the difficulty of those data packets and/orthe skill level associated with those data packets.

The recommendation engine can identify one or several potential datapackets for providing and/or one or several data packets for providingto the user based on, for example, one or several rules, models,predictions, or the like. The recommendation engine can use the skilllevel of the user to generate a prediction of the likelihood of one orseveral users providing a desired response to some or all of thepotential data packets. In some embodiments, the recommendation enginecan pair one or several data packets with selection criteria that may beused to determine which packet should be delivered to a student-userbased on one or several received responses from that student-user. Insome embodiments, one or several data packets can be eliminated from thepool of potential data packets if the prediction indicates either toohigh a likelihood of a desired response or too low a likelihood of adesired response. In some embodiments, the recommendation engine canthen apply one or several selection criteria to the remaining potentialdata packets to select a data packet for providing to the user. Theseone or several selection criteria can be based on, for example, criteriarelating to a desired estimated time for receipt of response to the datapacket, one or several content parameters, one or several assignmentparameters, or the like.

A content management server 102 also may include a summary model system404. The summary model system 404 may be implemented using dedicatedhardware within the content distribution network 100 (e.g., a summarymodel server 404), or using designated hardware and software resourceswithin a shared content management server 102. In some embodiments, thesummary model system 404 may monitor the progress of users throughvarious types of content resources and groups, such as mediacompilations, courses or curriculums in training or educationalcontexts, interactive gaming environments, and the like. For example,the summary model system 404 may query one or more databases and/or datastore servers 104 to retrieve user data such as associated contentcompilations or programs, content completion status, user goals,results, and the like.

A content management server 102 also may include a response system 406,which can include, in some embodiments, a response processor. Theresponse system 406 may be implemented using dedicated hardware withinthe content distribution network 100 (e.g., a response server 406), orusing designated hardware and software resources within a shared contentmanagement server 102. The response system 406 may be configured toreceive and analyze information from user devices 106. For example,various ratings of content resources submitted by users may be compiledand analyzed, and then stored in a data store (e.g., a content librarydata store 303 and/or evaluation data store 308) associated with thecontent. In some embodiments, the response server 406 may analyze theinformation to determine the effectiveness or appropriateness of contentresources with, for example, a subject matter, an age group, a skilllevel, or the like. In some embodiments, the response system 406 mayprovide updates to the packet selection system 402 or the summary modelsystem 404, with the attributes of one or more content resources orgroups of resources within the network 100. The response system 406 alsomay receive and analyze user evaluation data from user devices 106,supervisor devices 110, and administrator servers 116, etc. Forinstance, response system 406 may receive, aggregate, and analyze userevaluation data for different types of users (e.g., end users,supervisors, administrators, etc.) in different contexts (e.g., mediaconsumer ratings, trainee or student comprehension levels, teachereffectiveness levels, gamer skill levels, etc.).

In some embodiments, the response system 406 can be further configuredto receive one or several responses from the user and analyze these oneor several responses. In some embodiments, for example, the responsesystem 406 can be configured to translate the one or several responsesinto one or several observables. As used herein, an observable is acharacterization of a received response. In some embodiments, thetranslation of the one or several responses into one or severalobservables can include determining whether the one or several responsesare correct responses, also referred to herein as desired responses, orare incorrect responses, also referred to herein as undesired responses.In some embodiments, the translation of the one or several responsesinto one or several observables can include characterizing the degree towhich one or several responses are desired responses and/or undesiredresponses. In some embodiments, one or several values can be generatedby the response system 406 to reflect user performance in responding tothe one or several data packets. In some embodiments, these one orseveral values can comprise one or several scores for one or severalresponses and/or data packets.

A content management server 102 also may include a presentation system408. The presentation system 408 may be implemented using dedicatedhardware within the content distribution network 100 (e.g., apresentation server 408), or using designated hardware and softwareresources within a shared content management server 102. Thepresentation system 408 can include a presentation engine that can be,for example, a software module running on the content delivery system.

The presentation system 408, also referred to herein as the presentationmodule or the presentation engine, may control generation of one orseveral user interfaces and/or the content presented to a user via theseone or several user interfaces. In some embodiments, for example, thepresentation system 408 of the server 102 can generate and/or providecontent to one or several of the user devices 106 and/or supervisordevices 110 for display via a user interface.

The presentation system 408 may receive content resources from thepacket selection system 402 and/or from the summary model system 404,and provide the resources to user devices 106. The presentation system408 may determine the appropriate presentation format for the contentresources based on the user characteristics and preferences, and/or thedevice capabilities of user devices 106. If needed, the presentationsystem 408 may convert the content resources to the appropriatepresentation format and/or compress the content before transmission. Insome embodiments, the presentation system 408 may also determine theappropriate transmission media and communication protocols fortransmission of the content resources.

In some embodiments, the presentation system 408 may include specializedsecurity and integration hardware 410, along with corresponding softwarecomponents to implement the appropriate security features contenttransmission and storage, to provide the supported network and clientaccess models, and to support the performance and scalabilityrequirements of the network 100. The security and integration layer 410may include some or all of the security and integration components 208discussed above in FIG. 2, and may control the transmission of contentresources and other data, as well as the receipt of requests and contentinteractions, to and from the user devices 106, supervisor devices 110,administrative servers 116, and other devices in the network 100.

With reference now to FIG. 5, a block diagram of an illustrativecomputer system is shown. The system 500 may correspond to any of thecomputing devices or servers of the content distribution network 100described above, or any other computing devices described herein, andspecifically can include, for example, one or several of the userdevices 106, the supervisor device 110, and/or any of the servers 102,104, 108, 112, 114, 116. In this example, computer system 500 includesprocessing units 504 that communicate with a number of peripheralsubsystems via a bus subsystem 502. These peripheral subsystems include,for example, a storage subsystem 510, an I/O subsystem 526, and acommunications subsystem 532.

Bus subsystem 502 provides a mechanism for letting the variouscomponents and subsystems of computer system 500 communicate with eachother as intended. Although bus subsystem 502 is shown schematically asa single bus, alternative embodiments of the bus subsystem may utilizemultiple buses. Bus subsystem 502 may be any of several types of busstructures including a memory bus or memory controller, a peripheralbus, and a local bus using any of a variety of bus architectures. Sucharchitectures may include, for example, an Industry StandardArchitecture (ISA) bus, Micro Channel Architecture (MCA) bus, EnhancedISA (EISA) bus, Video Electronics Standards Association (VESA) localbus, and Peripheral Component Interconnect (PCI) bus, which can beimplemented as a Mezzanine bus manufactured to the IEEE P1386.1standard.

Processing unit 504, which may be implemented as one or more integratedcircuits (e.g., a conventional microprocessor or microcontroller),controls the operation of computer system 500. One or more processors,including single core and/or multicore processors, may be included inprocessing unit 504. As shown in the figure, processing unit 504 may beimplemented as one or more independent processing units 506 and/or 508with single or multicore processors and processor caches included ineach processing unit. In other embodiments, processing unit 504 may alsobe implemented as a quad-core processing unit or larger multicoredesigns (e.g., hexa-core processors, octo-core processors, ten-coreprocessors, or greater).

Processing unit 504 may execute a variety of software processes embodiedin program code, and may maintain multiple concurrently executingprograms or processes. At any given time, some or all of the programcode to be executed can be resident in processor(s) 504 and/or instorage subsystem 510. In some embodiments, computer system 500 mayinclude one or more specialized processors, such as digital signalprocessors (DSPs), outboard processors, graphics processors,application-specific processors, and/or the like.

I/O subsystem 526 may include device controllers 528 for one or moreuser interface input devices and/or user interface output devices 530.User interface input and output devices 530 may be integral with thecomputer system 500 (e.g., integrated audio/video systems, and/ortouchscreen displays), or may be separate peripheral devices which areattachable/detachable from the computer system 500. The I/O subsystem526 may provide one or several outputs to a user by converting one orseveral electrical signals to the user in perceptible and/orinterpretable form, and may receive one or several inputs from the userby generating one or several electrical signals based on one or severaluser-caused interactions with the I/O subsystem such as the depressingof a key or button, the moving of a mouse, the interaction with atouchscreen or trackpad, the interaction of a sound wave with amicrophone, or the like.

Input devices 530 may include a keyboard, pointing devices such as amouse or trackball, a touchpad or touch screen incorporated into adisplay, a scroll wheel, a click wheel, a dial, a button, a switch, akeypad, audio input devices with voice command recognition systems,microphones, and other types of input devices. Input devices 530 mayalso include three dimensional (3D) mice, joysticks or pointing sticks,gamepads and graphic tablets, and audio/visual devices such as speakers,digital cameras, digital camcorders, portable media players, webcams,image scanners, fingerprint scanners, barcode reader 3D scanners, 3Dprinters, laser rangefinders, and eye gaze tracking devices. Additionalinput devices 530 may include, for example, motion sensing and/orgesture recognition devices that enable users to control and interactwith an input device through a natural user interface using gestures andspoken commands, eye gesture recognition devices that detect eyeactivity from users and transform the eye gestures as input into aninput device, voice recognition sensing devices that enable users tointeract with voice recognition systems through voice commands, medicalimaging input devices, MIDI keyboards, digital musical instruments, andthe like.

Output devices 530 may include one or more display subsystems, indicatorlights, or non-visual displays such as audio output devices, etc.Display subsystems may include, for example, cathode ray tube (CRT)displays, flat-panel devices, such as those using a liquid crystaldisplay (LCD) or plasma display, light-emitting diode (LED) displays,projection devices, touch screens, and the like. In general, use of theterm “output device” is intended to include all possible types ofdevices and mechanisms for outputting information from computer system500 to a user or other computer. For example, output devices 530 mayinclude, without limitation, a variety of display devices that visuallyconvey text, graphics and audio/video information such as monitors,printers, speakers, headphones, automotive navigation systems, plotters,voice output devices, and modems.

Computer system 500 may comprise one or more storage subsystems 510,comprising hardware and software components used for storing data andprogram instructions, such as system memory 518 and computer-readablestorage media 516. The system memory 518 and/or computer-readablestorage media 516 may store program instructions that are loadable andexecutable on processing units 504, as well as data generated during theexecution of these programs.

Depending on the configuration and type of computer system 500, systemmemory 318 may be stored in volatile memory (such as random accessmemory (RAM) 512) and/or in non-volatile storage drives 514 (such asread-only memory (ROM), flash memory, etc.). The RAM 512 may containdata and/or program modules that are immediately accessible to and/orpresently being operated and executed by processing units 504. In someimplementations, system memory 518 may include multiple different typesof memory, such as static random access memory (SRAM) or dynamic randomaccess memory (DRAM). In some implementations, a basic input/outputsystem (BIOS), containing the basic routines that help to transferinformation between elements within computer system 500, such as duringstart-up, may typically be stored in the non-volatile storage drives514. By way of example, and not limitation, system memory 518 mayinclude application programs 520, such as client applications, Webbrowsers, mid-tier applications, server applications, etc., program data522, and an operating system 524.

Storage subsystem 510 also may provide one or more tangiblecomputer-readable storage media 516 for storing the basic programmingand data constructs that provide the functionality of some embodiments.Software (programs, code modules, instructions) that, when executed by aprocessor, provide the functionality described herein may be stored instorage subsystem 510. These software modules or instructions may beexecuted by processing units 504. Storage subsystem 510 may also providea repository for storing data used in accordance with the presentinvention.

Storage subsystem 300 may also include a computer-readable storage mediareader that can further be connected to computer-readable storage media516. Together and, optionally, in combination with system memory 518,computer-readable storage media 516 may comprehensively representremote, local, fixed, and/or removable storage devices plus storagemedia for temporarily and/or more permanently containing, storing,transmitting, and retrieving computer-readable information.

Computer-readable storage media 516 containing program code, or portionsof program code, may include any appropriate media known or used in theart, including storage media and communication media, such as but notlimited to, volatile and non-volatile, removable and non-removable mediaimplemented in any method or technology for storage and/or transmissionof information. This can include tangible computer-readable storagemedia such as RAM, ROM, electronically erasable programmable ROM(EEPROM), flash memory or other memory technology, CD-ROM, digitalversatile disk (DVD), or other optical storage, magnetic cassettes,magnetic tape, magnetic disk storage or other magnetic storage devices,or other tangible computer readable media. This can also includenontangible computer-readable media, such as data signals, datatransmissions, or any other medium which can be used to transmit thedesired information and which can be accessed by computer system 500.

By way of example, computer-readable storage media 516 may include ahard disk drive that reads from or writes to non-removable, nonvolatilemagnetic media, a magnetic disk drive that reads from or writes to aremovable, nonvolatile magnetic disk, and an optical disk drive thatreads from or writes to a removable, nonvolatile optical disk such as aCD ROM, DVD, and Blu-Ray® disk, or other optical media.Computer-readable storage media 516 may include, but is not limited to,Zip® drives, flash memory cards, universal serial bus (USB) flashdrives, secure digital (SD) cards, DVD disks, digital video tape, andthe like. Computer-readable storage media 516 may also include,solid-state drives (SSD) based on non-volatile memory such asflash-memory based SSDs, enterprise flash drives, solid state ROM, andthe like, SSDs based on volatile memory such as solid state RAM, dynamicRAM, static RAM, DRAM-based SSDs, magnetoresistive RAM (MRAM) SSDs, andhybrid SSDs that use a combination of DRAM and flash memory based SSDs.The disk drives and their associated computer-readable media may providenon-volatile storage of computer-readable instructions, data structures,program modules, and other data for computer system 500.

Communications subsystem 532 may provide a communication interface fromcomputer system 500 and external computing devices via one or morecommunication networks, including local area networks (LANs), wide areanetworks (WANs) (e.g., the Internet), and various wirelesstelecommunications networks. As illustrated in FIG. 5, thecommunications subsystem 532 may include, for example, one or morenetwork interface controllers (NICs) 534, such as Ethernet cards,Asynchronous Transfer Mode NICs, Token Ring NICs, and the like, as wellas one or more wireless communications interfaces 536, such as wirelessnetwork interface controllers (WNICs), wireless network adapters, andthe like. As illustrated in FIG. 5, the communications subsystem 532 mayinclude, for example, one or more location determining features 538 suchas one or several navigation system features and/or receivers, and thelike. Additionally and/or alternatively, the communications subsystem532 may include one or more modems (telephone, satellite, cable, ISDN),synchronous or asynchronous digital subscriber line (DSL) units,FireWire® interfaces, USB® interfaces, and the like. Communicationssubsystem 536 also may include radio frequency (RF) transceivercomponents for accessing wireless voice and/or data networks (e.g.,using cellular telephone technology, advanced data network technology,such as 3G, 4G or EDGE (enhanced data rates for global evolution), WiFi(IEEE 802.11 family standards, or other mobile communicationtechnologies, or any combination thereof), global positioning system(GPS) receiver components, and/or other components.

The various physical components of the communications subsystem 532 maybe detachable components coupled to the computer system 500 via acomputer network, a FireWire® bus, or the like, and/or may be physicallyintegrated onto a motherboard of the computer system 500. Communicationssubsystem 532 also may be implemented in whole or in part by software.

In some embodiments, communications subsystem 532 may also receive inputcommunication in the form of structured and/or unstructured data feeds,event streams, event updates, and the like, on behalf of one or moreusers who may use or access computer system 500. For example,communications subsystem 532 may be configured to receive data feeds inreal-time from users of social networks and/or other communicationservices, web feeds such as Rich Site Summary (RSS) feeds, and/orreal-time updates from one or more third party information sources(e.g., data aggregators 314). Additionally, communications subsystem 532may be configured to receive data in the form of continuous datastreams, which may include event streams of real-time events and/orevent updates (e.g., sensor data applications, financial tickers,network performance measuring tools, clickstream analysis tools,automobile traffic monitoring, etc.). Communications subsystem 532 mayoutput such structured and/or unstructured data feeds, event streams,event updates, and the like to one or more data stores 104 that may bein communication with one or more streaming data source computerscoupled to computer system 500.

Due to the ever-changing nature of computers and networks, thedescription of computer system 500 depicted in the figure is intendedonly as a specific example. Many other configurations having more orfewer components than the system depicted in the figure are possible.For example, customized hardware might also be used and/or particularelements might be implemented in hardware, firmware, software, or acombination. Further, connection to other computing devices, such asnetwork input/output devices, may be employed. Based on the disclosureand teachings provided herein, a person of ordinary skill in the artwill appreciate other ways and/or methods to implement the variousembodiments.

With reference now to FIG. 6, a block diagram illustrating oneembodiment of the communication network is shown. Specifically, FIG. 6depicts one hardware configuration in which messages are exchangedbetween a source hub 602 via the communication network 120 that caninclude one or several intermediate hubs 604. In some embodiments, thesource hub 602 can be any one or several components of the contentdistribution network generating and initiating the sending of a message,and the terminal hub 606 can be any one or several components of thecontent distribution network 100 receiving and not re-sending themessage. In some embodiments, for example, the source hub 602 can be oneor several of the user device 106, the supervisor device 110, and/or theserver 102, and the terminal hub 606 can likewise be one or several ofthe user device 106, the supervisor device 110, and/or the server 102.In some embodiments, the intermediate hubs 604 can include any computingdevice that receives the message and resends the message to a next node.

As seen in FIG. 6, in some embodiments, each of the hubs 602, 604, 606can be communicatingly connected with the data store 104. In such anembodiments, some or all of the hubs 602, 604, 606 can send informationto the data store 104 identifying a received message and/or any sent orresent message. This information can, in some embodiments, be used todetermine the completeness of any sent and/or received messages and/orto verify the accuracy and completeness of any message received by theterminal hub 606.

In some embodiments, the communication network 120 can be formed by theintermediate hubs 604. In some embodiments, the communication network120 can comprise a single intermediate hub 604, and in some embodiments,the communication network 120 can comprise a plurality of intermediatehubs. In one embodiment, for example, and as depicted in FIG. 6, thecommunication network 120 includes a first intermediate hub 604-A and asecond intermediate hub 604-B.

With reference now to FIG. 7, a block diagram illustrating oneembodiment of user device 106 and supervisor device 110 communication isshown. In some embodiments, for example, a user may have multipledevices that can connect with the content distribution network 100 tosend or receive information. In some embodiments, for example, a usermay have a personal device such as a mobile device, a Smartphone, atablet, a Smartwatch, a laptop, a PC, or the like. In some embodiments,the other device can be any computing device in addition to the personaldevice. This other device can include, for example, a laptop, a PC, aSmartphone, a tablet, a Smartwatch, or the like. In some embodiments,the other device differs from the personal device in that the personaldevice is registered as such within the content distribution network 100and the other device is not registered as a personal device within thecontent distribution network 100.

Specifically with respect to FIG. 7, the user device 106 can include apersonal user device 106-A and one or several other user devices 106-B.In some embodiments, one or both of the personal user device 106-A andthe one or several other user devices 106-B can be communicatinglyconnected to the content management server 102 and/or to the navigationsystem 122. Similarly, the supervisor device 110 can include a personalsupervisor device 110-A and one or several other supervisor devices110-B. In some embodiments, one or both of the personal supervisordevice 110-A and the one or several other supervisor devices 110-B canbe communicatingly connected to the content management server 102 and/orto the navigation system 122.

In some embodiments, the content distribution network can send one ormore alerts to one or more user devices 106 and/or one or moresupervisor devices 110 via, for example, the communication network 120.In some embodiments, the receipt of the alert can result in thelaunching of an application within the receiving device, and in someembodiments, the alert can include a link that, when selected, launchesthe application or navigates a web-browser of the device of the selectorof the link to a page or portal associated with the alert.

In some embodiments, for example, the providing of this alert caninclude the identification of one or several user devices 106 and/orstudent-user accounts associated with the student-user and/or one orseveral supervisor devices 110 and/or supervisor-user accountsassociated with the supervisor-user. After these one or several devices106, 110 and/or accounts have been identified, the providing of thisalert can include determining an active device of the devices 106, 110based on determining which of the devices 106, 110 and/or accounts areactively being used, and then providing the alert to that active device.

Specifically, if the user is actively using one of the devices 106, 110such as the other user device 106-B and the other supervisor device110-B, and/or accounts, the alert can be provided to the user via thatother device 106-B, 110-B and/or account that is actively being used. Ifthe user is not actively using an other device 106-B, 110-B and/oraccount, a personal device 106-A, 110-A device, such as a smart phone ortablet, can be identified and the alert can be provided to this personaldevice 106-A, 110-A. In some embodiments, the alert can include code todirect the default device to provide an indicator of the received alertsuch as, for example, an aural, tactile, or visual indicator of receiptof the alert.

In some embodiments, the recipient device 106, 110 of the alert canprovide an indication of receipt of the alert. In some embodiments, thepresentation of the alert can include the control of the I/O subsystem526 to, for example, provide an aural, tactile, and/or visual indicatorof the alert and/or of the receipt of the alert. In some embodiments,this can include controlling a screen of the supervisor device 110 todisplay the alert, data contained in alert and/or an indicator of thealert.

With reference now to FIG. 8, a schematic illustration of one embodimentof an application stack, and particularly of a stack 650 is shown. Insome embodiments, the content distribution network 100 can comprise aportion of the stack 650 that can include an infrastructure layer 652, aplatform layer 654, an applications layer 656, and a products layer 658.In some embodiments, the stack 650 can comprise some or all of thelayers, hardware, and/or software to provide one or several desiredfunctionalities and/or productions.

As depicted in FIG. 8, the infrastructure layer 652 can include one orseveral servers, communication networks, data stores, privacy servers,and the like. In some embodiments, the infrastructure layer can furtherinclude one or several user devices 106 and/or supervisor devices 110connected as part of the content distribution network.

The platform layer can include one or several platform softwareprograms, modules, and/or capabilities. These can include, for example,identification services, security services, and/or adaptive platformservices 660. In some embodiments, the identification services can, forexample, identify one or several users, components of the contentdistribution network 100, or the like. The security services can monitorthe content distribution network for one or several security threats,breaches, viruses, malware, or the like. The adaptive platform services660 can receive information from one or several components of thecontent distribution network 100 and can provide predictions, models,recommendations, or the like based on that received information. Thefunctionality of the adaptive platform services 660 will be discussed ingreater detail in FIGS. 9-11, below.

The applications layer 656 can include software or software modules uponor in which one or several product softwares or product software modulescan operate. In some embodiments, the applications layer 656 caninclude, for example, a management system, record system, or the like.In some embodiments, the management system can include, for example, aLearning Management System (LMS), a Content Management System (CMS), orthe like. The management system can be configured to control thedelivery of one or several resources to a user and/or to receive one orseveral responses from the user. In some embodiments, the records systemcan include, for example, a virtual gradebook, a virtual counselor, orthe like.

The products layer can include one or several software products and/orsoftware module products. These software products and/or software moduleproducts can provide one or several services and/or functionalities toone or several users of the software products and/or software moduleproducts.

With reference now to FIG. 9-11, schematic illustrations of embodimentsof communication and processing flow of modules within the contentdistribution network 100 are shown. In some embodiments, thecommunication and processing can be performed in portions of theplatform layer 654 and/or applications layer 656. FIG. 9 depicts a firstembodiment of such communications or processing that can be in theplatform layer 654 and/or applications layer 656 via the message channel412.

The platform layer 654 and/or applications layer 656 can include aplurality of modules that can be embodied in software or hardware. Insome embodiments, some or all of the modules can be embodied in hardwareand/or software at a single location, and in some embodiments, some orall of these modules can be embodied in hardware and/or software atmultiple locations. These modules can perform one or several processesincluding, for example, a presentation process 670, a response process676, a summary model process 680, and a packet selection process 684.

The presentation process 670 can, in some embodiments, include one orseveral methods and/or steps to deliver content to one or several userdevices 106 and/or supervisor devices 110. The presentation process 670can be performed by a presenter module 672 and a view module 674. Thepresenter module 672 can be a hardware or software module of the contentdistribution network 100, and specifically of the server 102. In someembodiments, the presenter module 672 can include one or severalportions, features, and/or functionalities that are located on theserver 102 and/or one or several portions, features, and/orfunctionalities that are located on the user device 106. In someembodiments, the presenter module 672 can be embodied in thepresentation system 408.

The presenter module 672 can control the providing of content to one orseveral user devices 106 and/or supervisor devices 110. Specifically,the presenter module 672 can control the generation of one or severalmessages to provide content to one or several desired user devices 106and/or supervisor devices 110. The presenter module 672 can furthercontrol the providing of these one or several messages to the desiredone or several desired user devices 106 and/or supervisor devices 110.Thus, in some embodiments, the presenter module 672 can control one orseveral features of the communications subsystem 532 to generate andsend one or several electrical signals comprising content to one orseveral user devices 106 and/or supervisor devices 110.

In some embodiments, the presenter module 672 can control and/or managea portion of the presentation functions of the presentation process 670,and can specifically manage an “outer loop” of presentation functions.As used herein, the outer loop refers to tasks relating to the trackingof a user's progress through all or a portion of a group of datapackets. In some embodiments, this can include the identification of oneor several completed data packets or nodes and/or the non-adaptiveselection of one or several next data packets or nodes according to, forexample, one or several fixed rules. Such non-adaptive selection doesnot rely on the use of predictive models, but rather on rulesidentifying next data packets based on data relating to the completionof one or several previously completed data packets or assessmentsand/or whether one or several previously completed data packets weresuccessfully completed.

In some embodiments, and due to the management of the outer loop ofpresentation functions including the non-adaptive selection of one orseveral next data packets, nodes, or tasks by the presenter module, thepresenter module can function as a recommendation engine referred toherein as a first recommendation engine or a rules-based recommendationengine. In some embodiments, the first recommendation engine can beconfigured to select a next node for a user based on one or all of: theuser's current location in the content network; potential next nodes;the user's history including the user's previous responses; and one orseveral guard conditions associated with the potential next nodes. Insome embodiments, a guard condition defines one or several prerequisitesfor entry into, or exit from, a node.

In some embodiments, the presenter module 672 can include a portionlocated on the server 102 and/or a portion located on the user device106. In some embodiments, the portion of the presenter module 672located on the server 102 can receive data packet information andprovide a subset of the received data packet information to the portionof the presenter module 672 located on the user device 106. In someembodiments, this segregation of functions and/or capabilities canprevent solution data from being located on the user device 106 and frombeing potentially accessible by the user of the user device 106.

In some embodiments, the portion of the presenter module 672 located onthe user device 106 can be further configured to receive the subset ofthe data packet information from the portion of the presenter module 672located on the server 102 and provide that subset of the data packetinformation to the view module 674. In some embodiments, the portion ofthe presenter module 672 located on the user device 106 can be furtherconfigured to receive a content request from the view module 674 and toprovide that content request to the portion of the presenter module 674located on the server 102.

The view module 674 can be a hardware or software module of some or allof the user devices 106 and/or supervisor devices 110 of the contentdistribution network 100. The view module 674 can receive one or severalelectrical signals and/or communications from the presenter module 672and can provide the content received in those one or several electricalsignals and/or communications to the user of the user device 106 and/orsupervisor device 110 via, for example, the I/O subsystem 526.

In some embodiments, the view module 674 can control and/or monitor an“inner loop” of presentation functions. As used herein, the inner looprefers to tasks relating to the tracking and/or management of a user'sprogress through a data packet. This can specifically relate to thetracking and/or management of a user's progression through one orseveral pieces of content, questions, assessments, and/or the like of adata packet. In some embodiments, this can further include the selectionof one or several next pieces of content, next questions, nextassessments, and/or the like of the data packet for presentation and/orproviding to the user of the user device 106.

In some embodiments, one or both of the presenter module 672 and theview module 674 can comprise one or several presentation engines. Insome embodiments, these one or several presentation engines can comprisedifferent capabilities and/or functions. In some embodiments, one of thepresentation engines can be configured to track the progress of a userthrough a single data packet, task, content item, or the like, and insome embodiments, one of the presentation engines can track the progressof a user through a series of data packets, tasks, content items, or thelike.

The response process 676 can comprise one or several methods and/orsteps to evaluate a response. In some embodiments, this can include, forexample, determining whether the response comprises a desired responseand/or an undesired response. In some embodiments, the response process676 can include one or several methods and/or steps to determine thecorrectness and/or incorrectness of one or several received responses.In some embodiments, this can include, for example, determining thecorrectness and/or incorrectness of a multiple choice response, atrue/false response, a short answer response, an essay response, or thelike. In some embodiments, the response processor can employ, forexample, natural language processing, semantic analysis, or the like indetermining the correctness or incorrectness of the received responses.

In some embodiments, the response process 676 can be performed by aresponse processor 678. The response processor 678 can be a hardware orsoftware module of the content distribution network 100, andspecifically of the server 102. In some embodiments, the responseprocessor 678 can be embodied in the response system 406. In someembodiments, the response processor 678 can be communicatingly connectedto one or more of the modules of the presentation process 760 such as,for example, the presenter module 672 and/or the view module 674. Insome embodiments, the response processor 678 can be communicatinglyconnected with, for example, the message channel 412 and/or othercomponents and/or modules of the content distribution network 100.

The summary model process 680 can comprise one or several methods and/orsteps to generate and/or update one or several models. In someembodiments, this can include, for example, implementing informationreceived either directly or indirectly from the response processor 678to update one or several models. In some embodiments, the summary modelprocess 680 can include the update of a model relating to one or severaluser attributes such as, for example, a user skill model, a userknowledge model, a learning style model, or the like. In someembodiments, the summary model process 680 can include the update of amodel relating to one or several content attributes including attributesrelating to a single content item and/or data packet and/or attributesrelating to a plurality of content items and/or data packets. In someembodiments, these models can relate to an attribute of the one orseveral data packets such as, for example, difficulty, discrimination,required time, or the like.

In some embodiments, the summary model process 680 can be performed bythe model engine 682. In some embodiments, the model engine 682 can be ahardware or software module of the content distribution network 100, andspecifically of the server 102. In some embodiments, the model engine682 can be embodied in the summary model system 404.

In some embodiments, the model engine 682 can be communicatinglyconnected to one or more of the modules of the presentation process 760such as, for example, the presenter module 672 and/or the view module674, can be connected to the response processor 678 and/or therecommendation. In some embodiment, the model engine 682 can becommunicatingly connected to the message channel 412 and/or othercomponents and/or modules of the content distribution network 100.

The packet selection process 684 can comprise one or several stepsand/or methods to identify and/or select a data packet for presentationto a user. In some embodiments, this data packet can comprise aplurality of data packets. In some embodiments, this data packet can beselected according to one or several models updated as part of thesummary model process 680. In some embodiments, this data packet can beselected according to one or several rules, probabilities, models, orthe like. In some embodiments, the one or several data packets can beselected by the combination of a plurality of models updated in thesummary model process 680 by the model engine 682. In some embodiments,these one or several data packets can be selected by a recommendationengine 686. The recommendation engine 686 can be a hardware or softwaremodule of the content distribution network 100, and specifically of theserver 102. In some embodiments, the recommendation engine 686 can beembodied in the packet selection system 402. In some embodiments, therecommendation engine 686 can be communicatingly connected to one ormore of the modules of the presentation process 670, the responseprocess 676, and/or the summary model process 680 either directly and/orindirectly via, for example, the message channel.

In some embodiments, and as depicted in FIG. 9, a presenter module 672can receive a data packet for presentation to a user device 106. Thisdata packet can be received, either directly or indirectly from arecommendation engine 686. In some embodiments, for example, thepresenter module 672 can receive a data packet for providing to a userdevice 106 from the recommendation engine 686, and in some embodiments,the presenter module 672 can receive an identifier of a data packet forproviding to a user device 106 via a view module 674. This can bereceived from the recommendation engine 686 via a message channel 412.Specifically, in some embodiments, the recommendation engine 686 canprovide data to the message channel 412 indicating the identificationand/or selection of a data packet for providing to a user via a userdevice 106. In some embodiments, this data indicating the identificationand/or selection of the data packet can identify the data packet and/orcan identify the intended recipient of the data packet.

The message channel 412 can output this received data in the form of adata stream 690 which can be received by, for example, the presentermodule 672, the model engine 682, and/or the recommendation engine 686.In some embodiments, some or all of: the presenter module 672, the modelengine 682, and/or the recommendation engine 686 can be configured toparse and/or filter the data stream 690 to identify data and/or eventsrelevant to their operation. Thus, for example, the presenter module 672can be configured to parse the data stream for information and/or eventsrelevant to the operation of the presenter module 672.

In some embodiments, the presenter module 672 can extract the datapacket from the data stream 690 and/or extract data identifying the datapacket and/or indicating the selecting of a data packet from the datastream. In the event that data identifying the data packet is extractedfrom the data stream 690, the presenter module 672 can request andreceive the data packet from the database server 104, and specificallyfrom the content library database 303. In embodiments in which dataindicating the selection of a data packet is extracted from the datastream 690, the presenter module 672 can request and receiveidentification of the data packet from the recommendation engine 686 andthen request and receive the data packet from the database server 104,and specifically from the content library database 303, and in someembodiments in which data indicating the selection of a data packet isextracted from the data stream 690, the presenter module 672 can requestand receive the data packet from the recommendation engine 686.

The presenter module can then provide the data packet and/or portions ofthe data packet to the view module 674. In some embodiments, forexample, the presenter module 672 can retrieve one or several rulesand/or conditions that can be, for example, associated with the datapacket and/or stored in the database server 104. In some embodiments,these rules and/or conditions can identify portions of a data packet forproviding to the view module 674 and/or portions of a data packet to notprovide to the view module 674. In some embodiments, for example,sensitive portions of a data packet, such as, for example, solutioninformation to any questions associated with a data packet, is notprovided to the view module 674 to prevent the possibility of undesiredaccess to those sensitive portions of the data packet. Thus, in someembodiments, the one or several rules and/or conditions can identifyportions of the data packet for providing to the view module 674 and/orportions of the data packet for not providing to the view module.

In some embodiments, the presenter module 672 can, according to the oneor more rules and/or conditions, generate and transmit an electronicmessage containing all or portions of the data packet to the view module674. The view module 674 can receive these all or portions of the datapacket and can provide all or portions of this information to the userof the user device 106 associated with the view module 674 via, forexample, the I/O subsystem 526. In some embodiments, as part of theproviding of all or portions of the data packet to the user of the viewmodule 674, one or several user responses can be received by the viewmodule 674. In some embodiments, these one or several user responses canbe received via the I/O subsystem 526 of the user device 106.

After one or several user responses have been received, the view module674 can provide the one or several user responses to the responseprocessor 678. In some embodiments, these one or several responses canbe directly provided to the response processor 678, and in someembodiments, these one or several responses can be provided indirectlyto the response processor 678 via the message channel 412.

After the response processor 678 receives the one or several responses,the response processor 678 can determine whether the responses aredesired responses and/or the degree to which the received responses aredesired responses. In some embodiments, the response processor can makethis determination via, for example, use of one or several techniques,including, for example, natural language processing (NLP), semanticanalysis, or the like.

In some embodiments, the response processor can determine whether aresponse is a desired response and/or the degree to which a response isa desired response with comparative data which can be associated withthe data packet. In some embodiments, this comparative data cancomprise, for example, an indication of a desired response and/or anindication of one or several undesired responses, a response key, aresponse rubric comprising one criterion or several criteria fordetermining the degree to which a response is a desired response, or thelike. In some embodiments, the comparative data can be received as aportion of and/or associated with a data packet. In some embodiments,the comparative data can be received by the response processor 678 fromthe presenter module 672 and/or from the message channel 412. In someembodiments, the response data received from the view module 674 cancomprise data identifying the user and/or the data packet or portion ofthe data packet with which the response is associated. In someembodiments in which the response processor 678 merely receives dataidentifying the data packet and/or portion of the data packet associatedwith the one or several responses, the response processor 678 canrequest and/or receive comparative data from the database server 104,and specifically from the content library database 303 of the databaseserver 104.

After the comparative data has been received, the response processor 678determines whether the one or several responses comprise desiredresponses and/or the degree to which the one or several responsescomprise desired responses. The response processor can then provide thedata characterizing whether the one or several responses comprisedesired response and/or the degree to which the one or several responsescomprises desired responses to the message channel 412. The messagechannel can, as discussed above, include the output of the responseprocessor 678 in the data stream 690 which can be constantly output bythe message channel 412.

In some embodiments, the model engine 682 can subscribe to the datastream 690 of the message channel 412 and can thus receive the datastream 690 of the message channel 412 as indicated in FIG. 9. The modelengine 682 can monitor the data stream 690 to identify data and/orevents relevant to the operation of the model engine. In someembodiments, the model engine 682 can monitor the data stream 690 toidentify data and/or events relevant to the determination of whether aresponse is a desired response and/or the degree to which a response isa desired response.

When a relevant event and/or relevant data are identified by the modelengine, the model engine 682 can take the identified relevant eventand/or relevant data and modify one or several models. In someembodiments, this can include updating and/or modifying one or severalmodels relevant to the user who provided the responses, updating and/ormodifying one or several models relevant to the data packet associatedwith the responses, and/or the like. In some embodiments, these modelscan be retrieved from the database server 104, and, in some embodiments,can be retrieved from the model data source 309 of the database server104.

After the models have been updated, the updated models can be stored inthe database server 104. In some embodiments, the model engine 682 cansend data indicative of the event of the completion of the model updateto the message channel 412. The message channel 412 can incorporate thisinformation into the data stream 690 which can be received by therecommendation engine 686. The recommendation engine 686 can monitor thedata stream 690 to identify data and/or events relevant to the operationof the recommendation engine 686. In some embodiments, therecommendation engine 686 can monitor the data stream 690 to identifydata and/or events relevant to the updating of one or several models bythe model engine 682.

When the recommendation engine 686 identifies information in the datastream 690 indicating the completion of the summary model process 680for models relevant to the user providing the response and/or for modelsrelevant to the data packet provided to the user, the recommendationengine 686 can identify and/or select a next data packet for providingto the user and/or to the presentation process 470. In some embodiments,this selection of the next data packet can be performed according to oneor several rules and/or conditions. After the next data packet has beenselected, the recommendation engine 686 can provide information to themodel engine 682 identifying the next selected data packet and/or to themessage channel 412 indicating the event of the selection of the nextcontent item. After the message channel 412 receives informationidentifying the selection of the next content item and/or receives thenext content item, the message channel 412 can include this informationin the data stream 690 and the process discussed with respect to FIG. 9can be repeated.

With reference now to FIG. 10, a schematic illustration of a secondembodiment of communication or processing that can be in the platformlayer 654 and/or applications layer 656 via the message channel 412 isshown. In the embodiment depicted in FIG. 10, the data packet providedto the presenter module 672 and then to the view module 674 does notinclude a prompt for a user response and/or does not result in thereceipt of a user response. As no response is received, when the datapacket is completed, nothing is provided to the response processor 678,but rather data indicating the completion of the data packet is providedfrom one of the view module 674 and/or the presenter module 672 to themessage channel 412. The data is then included in the data stream 690and is received by the model engine 682 which uses the data to updateone or several models. After the model engine 682 has updated the one orseveral models, the model engine 682 provides data indicating thecompletion of the model updates to the message channel 412. The messagechannel 412 then includes the data indicating the completion of themodel updates in the data stream 690 and the recommendation engine 686,which can subscribe to the data stream 690, can extract the dataindicating the completion of the model updates from the data stream 690.The recommendation engine 686 can then identify a next one or severaldata packets for providing to the presenter module 672, and therecommendation engine 686 can then, either directly or indirectly,provide the next one or several data packets to the presenter module672.

With reference now to FIG. 11, a schematic illustration of an embodimentof dual communication, or hybrid communication, in the platform layer654 and/or applications layer 656 is shown. Specifically, in thisembodiment, some communication is synchronous with the completion of oneor several tasks and some communication is asynchronous. Thus, in theembodiment depicted in FIG. 11, the presenter module 972 communicatessynchronously with the model engine 682 via a direct communication 692and communicates asynchronously with the model engine 682 via themessage channel 412.

Specifically, and with reference to FIG. 11, the presenter module 672can receive and/or select a data packet for presentation to the userdevice 106 via the view module 674. In some embodiments, the presentermodule 672 can identify all or portions of the data packet that can beprovided to the view module 674 and portions of the data packet forretaining from the view module 674. In some embodiments, the presentermodule can provide all or portions of the data packet to the view module674. In some embodiments, and in response to the receipt of all orportions of the data packet, the view module 674 can provide aconfirmation of receipt of the all or portions of the data packet andcan provide those all or portions of the data packet to the user via theuser device 106. In some embodiments, the view module 674 can providethose all or portions of the data packet to the user device 106 whilecontrolling the inner loop of the presentation of the data packet to theuser via the user device 106.

After those all or portions of the data packet have been provided to theuser device 106, a response indicative of the completion of one orseveral tasks associated with the data packet can be received by theview module 674 from the user device 106, and specifically from the I/Osubsystem 526 of the user device 106. In response to this receive, theview module 674 can provide an indication of this completion status tothe presenter module 672 and/or can provide the response to the responseprocessor 678.

After the response has been received by the response processor 678, theresponse processor 678 can determine whether the received response is adesired response. In some embodiments, this can include, for example,determining whether the response comprises a correct answer and/or thedegree to which the response comprises a correct answer.

After the response processor has determined whether the receivedresponse is a desired response, the response processor 678 can providean indicator of the result of the determination of whether the receivedresponse is a desired response to the presenter module 672. In responseto the receipt of the indicator of whether the result of thedetermination of whether the received response is a desired response,the presenter module 672 can synchronously communicate with the modelengine 682 via a direct communication 692 and can asynchronouslycommunicate with model engine 682 via the message channel 412. In someembodiments, the synchronous communication can advantageously includetwo-way communication between the model engine 682 and the presentermodule 672 such that the model engine 682 can provide an indication tothe presenter module 672 when model updating is completed by the modelengine.

After the model engine 682 has received one or both of the synchronousand asynchronous communications, the model engine 682 can update one orseveral models relating to, for example, the user, the data packet, orthe like. After the model engine 682 has completed the updating of theone or several models, the model engine 682 can send a communication tothe presenter module 672 indicating the completion of the updated one orseveral modules.

After the presenter module 672 receives the communication indicating thecompletion of the updating of the one or several models, the presentermodule 672 can send a communication to the recommendation engine 686requesting identification of a next data packet. As discussed above, therecommendation engine 686 can then retrieve the updated model andretrieve the user information. With the updated models and the userinformation, the recommendation engine can identify a next data packetfor providing to the user, and can provide the data packet to thepresenter module 672. In some embodiments, the recommendation engine 686can further provide an indication of the next data packet to the modelengine 682, which can use this information relating to the next datapacket to update one or several models, either immediately, or afterreceiving a communication from the presenter module 672 subsequent tothe determination of whether a received response for that data packet isa desired response.

With reference now to FIG. 12, a schematic illustration of oneembodiment of the presentation process 670 is shown. Specifically, FIG.12 depicts multiple portions of the presenter module 672, namely, theexternal portion 673 and the internal portion 675. In some embodiments,the external portion 673 of the presenter module 672 can be located inthe server, and in some embodiments, the internal portion 675 of thepresenter module 672 can be located in the user device 106. In someembodiments, the external portion 673 of the presenter module can beconfigured to communicate and/or exchange data with the internal portion675 of the presenter module 672 as discussed herein. In someembodiments, for example, the external portion 673 of the presentermodule 672 can receive a data packet and can parse the data packet intoportions for providing to the internal portion 675 of the presentermodule 672 and portions for not providing to the internal portion 675 ofthe presenter module 672. In some embodiments, the external portion 673of the presenter module 672 can receive a request for additional dataand/or an additional data packet from the internal portion 675 of thepresenter module 672. In such an embodiment, the external portion 673 ofthe presenter module 672 can identify and retrieve the requested dataand/or the additional data packet from, for example, the database server104 and more specifically from the content library database 104.

With reference now to FIG. 13, a flowchart illustrating one embodimentof a process 440 for data management is shown. In some embodiments, theprocess 440 can be performed by the content management server 102, andmore specifically by the presentation system 408 and/or by thepresentation module or presentation engine. In some embodiments, theprocess 440 can be performed as part of the presentation process 670.

The process 440 begins at block 442, wherein a data packet isidentified. In some embodiments, the data packet can be a data packetfor providing to a student-user. In some embodiments, the data packetcan be identified based on a communication received either directly orindirectly from the recommendation engine 686.

After the data packet has been identified, the process 440 proceeds toblock 444, wherein the data packet is requested. In some embodiments,this can include the requesting of information relating to the datapacket such as the data forming the data packet. In some embodiments,this information can be requested from, for example, the content librarydatabase 303. After the data packet has been requested, the process 440proceeds to block 446, wherein the data packet is received. In someembodiments, the data packet can be received by the presentation system408 from, for example, the content library database 303.

After the data packet has been received, the process 440 proceeds toblock 448, wherein one or several data components are identified. Insome embodiments, for example, the data packet can include one orseveral data components which can, for example, contain different data.In some embodiments, one of these data components, referred to herein asa presentation component, can include content for providing to thestudent user, which content can include one or several requests and/orquestions and/or the like. In some embodiments, one of these datacomponents, referred to herein as a response component, can include dataused in evaluating one or several responses received from the userdevice 106 in response to the data packet, and specifically in responseto the presentation component and/or the one or several requests and/orquestions of the presentation component. Thus, in some embodiments, theresponse component of the data packet can be used to ascertain whetherthe user has provided a desired response or an undesired response.

After the data components have been identified, the process 440 proceedsto block 450, wherein a delivery data packet is identified. In someembodiments, the delivery data packet can include the one or severaldata components of the data packets for delivery to a user such as thestudent-user via the user device 106. In some embodiments, the deliverypacket can include the presentation component, and in some embodiments,the delivery packet can exclude the response packet. After the deliverydata packet has been generated, the process 440 proceeds to block 452,wherein the delivery data packet is provided to the user device 106 andmore specifically to the view module 674. In some embodiments, this caninclude providing the delivery data packet to the user device 106 via,for example, the communication network 120.

After the delivery data packet has been provided to the user device 106,the process 440 proceeds to block 454, wherein the data packet and/orone or several components thereof are sent to and/or provided to theresponse processor 678. In some embodiments, this sending of the datapacket and/or one or several components thereof to the responseprocessor can include receiving a response from the student-user, andsending the response to the student-user to the response processorsimultaneous with the sending of the data packet and/or one or severalcomponents thereof to the response processor. In some embodiments, forexample, this can include providing the response component to theresponse processor. In some embodiments, the response component can beprovided to the response processor from the presentation system 408.

With reference now to FIG. 14, a flowchart illustrating one embodimentof a process 460 for evaluating a response is shown. In someembodiments, the process can be performed as a part of the responseprocess 676 and can be performed by, for example, the response system406 and/or by the response processor 678. In some embodiments, theprocess 460 can be performed by the response system 406 in response tothe receipt of a response, either directly or indirectly, from the userdevice 106 or from the view module 674.

The process 460 begins at block 462, wherein a response is receivedfrom, for example, the user device 106 via, for example, thecommunication network 120. After the response has been received, theprocess 460 proceeds to block 464, wherein the data packet associatedwith the response is received. In some embodiments, this can includereceiving all or one or several components of the data packet such as,for example, the response component of the data packet. In someembodiments, the data packet can be received by the response processorfrom the presentation engine.

After the data packet has been received, the process 460 proceeds toblock 466, wherein the response type is identified. In some embodiments,this identification can be performed based on data, such as metadataassociated with the response. In other embodiments, this identificationcan be performed based on data packet information such as the responsecomponent.

In some embodiments, the response type can identify one or severalattributes of the one or several requests and/or questions of the datapacket such as, for example, the request and/or question type. In someembodiments, this can include identifying some or all of the one orseveral requests and/or questions as true/false, multiple choice, shortanswer, essay, or the like.

After the response type has been identified, the process 460 proceeds toblock 468, wherein the data packet and the response are compared todetermine whether the response comprises a desired response and/or anundesired response. In some embodiments, this can include comparing thereceived response and the data packet to determine if the receivedresponse matches all or portions of the response component of the datapacket, to determine the degree to which the received response matchesall or portions of the response component, to determine the degree towhich the receive response embodies one or several qualities identifiedin the response component of the data packet, or the like. In someembodiments, this can include classifying the response according to oneor several rules. In some embodiments, these rules can be used toclassify the response as either desired or undesired. In someembodiments, these rules can be used to identify one or several errorsand/or misconceptions evidenced in the response. In some embodiments,this can include, for example: use of natural language processingsoftware and/or algorithms; use of one or several digital thesauruses;use of lemmatization software, dictionaries, and/or algorithms; or thelike.

After the data packet and the response have been compared, the process460 proceeds to block 470 wherein response desirability is determined.In some embodiments this can include, based on the result of thecomparison of the data packet and the response, whether the response isa desired response or is an undesired response. In some embodiments,this can further include quantifying the degree to which the response isa desired response. This determination can include, for example,determining if the response is a correct response, an incorrectresponse, a partially correct response, or the like. In someembodiments, the determination of response desirability can include thegeneration of a value characterizing the response desirability and thestoring of this value in one of the databases 104 such as, for example,the user profile database 301. After the response desirability has beendetermined, the process 460 proceeds to block 472, wherein an assessmentvalue is generated. In some embodiments, the assessment value can be anaggregate value characterizing response desirability for one or more aplurality of responses. This assessment value can be stored in one ofthe databases 104 such as the user profile database 301.

With reference now to FIG. 15, a schematic illustration of oneembodiment of an early alert system 700, also referred to herein as apre-emptive alert triggering system 700 is shown. The system 700 caninclude one or several user devices 106 that can be connected to aninput aggregator 702. The input aggregator 702 can comprise anyhardware, software, or combination thereof that can receive input frommultiple devices operating multiple software programs and generate oneor several data streams containing those received inputs. In someembodiments, the input aggregator 702 can format and/or transform thereceived inputs. In some embodiments, the input aggregator 702 can belocated on the server 102.

The input aggregator 702 is connected to the event database 312 suchthat the outputs of the input aggregator 702 can be stored in the eventdatabase 312 as one or several events. The event database 312 can befurther connected to an allocation engine 704. The allocation engine canreorganize and/or re-allocate data stored in the event database 312. There-allocation can be performed on any desired basis including, forexample, a date of the activity resulting in the storing of data in theevent database 312, user associated with the data in the event database312, discipline associated with the data stored in the event database312, or the like. The allocation engine 704 can receive data from theevent database 312, re-allocate and/or reorganize that data, and storethe re-allocated and/or reorganized data in the event database 312.

The event database 312 can be additionally connected to a featurefactory 706. The feature factory 706 can comprise a hardware, software,or combined hardware/software module that is configured to generate oneor several features from data identifying events, which data identifyingevents can be stored in the event database 312. The feature factory 706can include a normalization engine that can process data entering thefeature factory 706 to improve the efficiency and/or operation of thefeature factory 706. This processing can include deduping, transforming,formatting, and/or flattening of data received by the feature factory706. The feature factory 706 can be located in or on the server 102.

After the data has passed the normalization engine, the data can bereceived by a feature engine 710 within the feature factory 706. Thefeature engine 710 can generate one or several features 712 from thedata received by the normalization engine. These features can be storedin the event database 312 and/or can be outputted to the inputaggregator 702 where they can be entered into the event database 312 andused for generating any desired higher-level features. The featureengine 710 can generate features according to feature generatinginstructions that can be stored in the database server 104, andspecifically within the event database 104. In some embodiments, thefeature engine 710 can further generate features according to one orseveral attributes of a configuration profile that can be, for example,stored in the customization database 313 and that can be provided to thefeature engine 710 by the configuration engine 714. In some embodiments,the configuration engine 714 can further receive data inputs from themodel database 309 which can link the configuration profile to one orseveral models in the model database 309.

Features generated by the feature factory 706 can be provided to theprediction engine 716 which can include a machine-learning algorithmsuch as, for example, a classifier 718 that can generate a riskprediction based on inputs received from the feature factory 706 and oneor several models received from the model database 309. Themachine-learning algorithm can include at least one of: a linearclassifier; a Random Forrest algorithm; an Artificial Neural Network; anAdaBoost algorithm; a Naïve Bayes algorithm; Boosting Tree, and aSupport Vector Machine. The prediction engine 716 can comprise anyhardware, software, or combination thereof that can generate aprediction, and specifically a risk prediction. The prediction engine716 can be located in or on the server 102.

In some embodiments, the models in the model database can be basedand/or trained by a training engine 720 according to data stored in thetraining database 311. The training engine 720 can comprise anyhardware, software, or combination thereof that can train a predictivemodel. The training engine 720 can be located in or on the server 102.

The prediction generated by the prediction engine 716 can be outputtedto the input aggregator 702 and stored in the event database 312 and/orcan be outputted to the user database 301 and stored in connection withthe user for whom the risk prediction was generated. The risk predictioncan then be provided to the risk API 722 which can generate one orseveral graphical depictions based on the risk prediction generated bythe prediction engine 716 and/or aggregate the risk prediction generatedby the prediction engine 716 with risk predictions for other students inthe same class and generate one or several graphical depictions of therisk for all or portions of the class. In some embodiments, the riskprediction can be provided to the algorithm monitoring API 724, cangenerate one or several graphical depictions based on second-level riskpredictions, discussed below. One or both of the risk API 722 and thealgorithm monitoring API 724 can then provide data to the interfaceengine 726. The interface engine 726 can comprise any hardware,software, or combination thereof that can generate a prediction, andspecifically a risk prediction. The interface engine 726 can be locatedin or on the server 102. In some embodiments, for example, the interfaceengine 726 can be located within the presentation system 408 of theserver 102 and can communication with the I/O subsystem 526 of one orseveral user devices 106 or supervisor devices 110 to provide content toone or several users or supervisors.

With reference now to FIG. 16, a schematic illustration of oneembodiment of a process 730 for making a risk determination is shown.This process 730 is depicted in the form by some of the components ofthe content distribution network 100. The process 730 begins when one orseveral electrical signals communications is funding user inputs aresent from the user device 106 to the feature factory 706. In someembodiments, this indication can be direct from the user device 106 tothe feature factory 706, and in some embodiments, this communication canpass through the input aggregator 702, the event database 312, and/orthe allocation engine 704.

At the feature factory, a plurality of features 732 are generated by,for example, the normalization engine 710. In some embodiments, thesefeatures 732 can be generated based on the identification of one orseveral traits or attributes of the communications of electrical signalsreceived from the user device 106 and the converting of those one orseveral traits or attributes of the communications electrical signalsinto one or several numbers, values, character strings, or the like. Asdepicted in FIG. 16, these features include a first feature 732-A, asecond feature 732-B, a third feature 732-C, and a fourth feature 732-D.These features can then be inputted into the prediction engine 716 whichcan use some or all the feature 732 to generate a risk prediction. Insome embodiments, a subset of the feature 732 can be identified byeither the feature factory 706 or the prediction engine 716 and thesubset can be inputted into the classifier 718 of the prediction engine716 to generate the risk prediction.

In some embodiments, after the risk prediction is generated, the usercan be identified as belonging to one or several categories such as forexample belonging to and at risk category 734 or as belonging to a notat risk category 736. In some embodiments, additional categories canexist further dividing users according to risk levels. In someembodiments, the risk prediction and the users grouping in a riskcategory can be stored in the database server 104, and specifically inthe user database 301.

With reference now to FIG. 17, a schematic illustration of oneembodiment of a process 740 for second-level machine-learning alerttriggering is shown. In some embodiments, this process 740 can beperformed to identify risk or to trigger alerts based on a riskprediction generated for second-level features and/or based on anomaliesidentified in second-level features. The process 740 can be performed byall or portions of the content distribution network.

In some embodiments, as features are added to the event database fromthe prediction engine 716 and/or the feature factory 706, thesefeatures, also referred to herein as facts, can be aggregated in one orboth of an individual fact aggregator 742 and a group fact aggregator744. In some embodiments, one or both of these fact aggregators 742, 744can aggregate first-level features generated relevant to the specificindividual or a specific group of users over a predetermined time periodor until a predetermined number of first-level features have beenaggregated. As used herein a first-level feature is generated from oneor several received electrical signals or communications from the userdevice 106 and a second-level feature is generated from one or severalfirst-level features.

After the predetermined time period has passed, or after thepredetermined number of first-level features has been aggregated, theaggregated first-level features can be provided to the feature factory706 which can generate second-level features from the receivedfirst-level features. In some embodiments, the feature factory 706 cangenerate second-level features according to instructions contained inthe event database 312. After the second-level features have beengenerated, the second-level features can be provided to the predictionengine 716 which can, in some embodiments use some or all of thesecond-level features to generate risk prediction. Alternatively, insome embodiments, the prediction engine 716 can review the second-levelfeatures to identify one or several anomalies in the second-levelfeatures. In some embodiments, this anomaly detection can be performedby comparing the newly generated second-level features to previouslygenerated second-level features. In some embodiments, this can includeidentifying a second-level feature set including second-level featuresgenerated from first level features generated from digitalcommunications received from the first user device and some of theadditional user devices. In some embodiments, the set is identifiedbased on a shared attribute of the user of the first user device andusers of the some of the additional user devices. Similar second-levelfeature sets can be identified, which the similar second-level featuresets can be identified based on a shared attribute of the second-levelfeature set and the similar second-level feature sets. An anomaly canthen be identified by the comparison of the second-level feature set andone or several of the similar second-level feature sets. If an anomalyis identified, than a risk is indicated based on the identified anomaly.In contrast to a risk calculated from first-level features, thisindicated risk calculated from second-level features according to theprocess 740 is non-specific to a single user.

The risk prediction can then be stored in the user database 301 inassociation with the group for which the risk calculation was generated.The algorithm monitoring API 724 can receive the risk prediction basedon the second-level features and can generate one or several graphicaldepictions of the risk prediction and/or identified anomaly in thesecond-level features. The algorithm monitoring API 724 can communicatewith the interface engine 726 to direct and/or control the userinterface of the user device 106 and/or supervisor device 110 to providethe one or several graphical depictions to the user and/or supervisor.

With reference now to FIG. 18, a schematic illustration of oneembodiment of the customization database 313 is shown. In someembodiments, the customization database 313 can include a plurality ofconfiguration profiles 350. These can include, for example, a firstconfiguration profile 350-A and a second configuration profile 350-B.The configuration profiles 350 can include, for example, informationspecifying a plurality of features 352. In some embodiments, and asshown in FIG. 18, each of the configuration profiles can comprise adifferent set of features. In some embodiments, some or all of theprofiles can further include a machine-learning algorithm which can be,for example, a model or classifier 354 that can be a unique ornon-unique. In the embodiment of FIG. 18, the first configurationprofile 350-A includes a first classifier 354-A and the secondconfiguration profile 350-B includes a second classifier 354-B. In someembodiments, the machine learning algorithm of the configuration profile350 can be customized and/or trained to create desired outputs based onthe features 352 of that configuration profile. In some embodiments,each configuration profile 350 can further include configurationinformation 356. This configuration information can identify how togenerate the features contained in the configuration profile 350. Insome embodiments in which a configuration profile 350 has uniquefeatures 352, the configuration profile 350 can further include uniqueconfiguration data such that, as shown in FIG. 18, the firstconfiguration profile 350-A has first configuration information 356-Aand the second configuration profile 350-B has second configurationinformation 356-B.

The customization database 313 can further include a linkingsub-database 358 and/or a profile sub-database 360. In some embodiments,the profile sub-database 360 can include information for identifying oneor several categories of users and/or for identifying one or severalusers as belonging to one or several categories. These categories can bebased on, for example, courses, instructors, disciplines, and/orschools, or can be custom categories. In some embodiments, some or allof these categories can be associated with a configuration profile 350,and in some embodiments, some or all of these categories can be uniquelyassociated with one of the configuration profiles 350 stored in thecustomization database 313. In some embodiments, the relations betweenthe categories identified in the profile sub-database 360 and theconfiguration profiles 350 can be stored in the linking sub-database358.

With reference now to FIG. 19, a swim-lane diagram of one embodiment ofa process 750 for early alerting is shown. The process 750 can includethe aggregation of a plurality of electrical signals and/orcommunications from one or several user devices 106, the generation ofone or several features from those one or several electrical signalsand/or communications, and the generation of a risk prediction with amachine-learning algorithm based on those one or several features. Theprocess 750 can be performed with one or more servers 102, memory 104,one or several user devices 106, and one or several supervisor devices110.

The process 750 begins at block 752, wherein one or several user inputsare received by the one or several user devices 106, and specificallyvia the I/O subsystems 526 of each of the one or several user devices106. In some embodiments, the I/O subsystems 526 can convert the userinputs into one or several electrical signals. At block 754, the one orseveral user devices 106 generate and send one or severalcommunications, which can comprise one or several electrical signals tothe server 102. In some embodiments, each of the one or several userdevices 106 can send one or several communications to the server 102 viathe communication network 120.

At block 756, the communications are received by the server 102. Theserver 102 can associate each of the received communications with theuser device 106 and/or the user associated with the user device 106 fromwhich the communication was received. The server 102 can then identifyone of the user devices 106 from which a communication was received, andas indicated in block 758, the server 102 can request evaluation dataand/or feature creation data. In some embodiments, the server can makesimilar requests for each of the user devices 106 from which acommunication was received.

At block 760, the data request can be received by the memory 104 fromthe server 102. With the data request, which can identify the user forwhom the data is requested, the memory 104 can identify an appropriateconfiguration profile that can be, for example, stored within one of thedatabases of the memory 104 such as, for example, the customizationdatabase 313. In some embodiments, the configuration profile can beselected according to information relating to the identified user suchas can be contained in the user metadata. This information may bespecific to the user for which the data request is received or may bespecific to a group to which the user belongs.

And block 764 evaluation and/or feature creation data are retrieved bythe memory 104. In some embodiments, for example, the evaluation datacan include information useful in evaluating the substance of thecommunications received by the server 100 to block 756 in the featurecreation data can be used by the server 102 to generate one or severalfeatures based on the communications received in block 756. In someembodiments, the evaluation data can be retrieved from the evaluationdatabase 308 and the feature creation data can be retrieved from theevent database 312. In some embodiments, the feature creation dataretrieved from the event database 312 can be specified in theconfiguration profile and/or limited by the configuration profile.

The retrieved evaluation and/or feature creation data can be provided tothe server and can be received by the server 100 to block 766. This datacan be then used, as indicated in block 768, to evaluate the receivedcommunications and/or to generate one or several features from thosereceived communications. In some embodiments, the evaluation can includedetermining whether the user inputs correspond to a correct response, anincorrect response, or the degree to which the response was correct. Insome embodiments, this evaluation can be generated for one or severalquestions or problems and/or for one or several question parts orproblem parts. The evaluation can come in some embodiments, be performedby the response system 406, and specifically by the response processor678.

The one or several features that together form a set of features can begenerated by the feature factory 706 and specifically by the featureengine 710. In some embodiments, at least some of these generatedfeatures, which can be generated based on the communications received inblock 756 and thus on the user inputs received in block 752, can bemeaningful features and/or can be non-meaningful features. In someembodiments, meaningful features are generated from substance identifiedand/or contained in the received communications, or more specificallybased on the evaluation of the received communications. In contrast, insome embodiments, the non-meaningful features can be generatedindependent of the substance identified in the received communicationsand/or can be independent of the evaluation for the receivedcommunications.

At block 770 one or several features are selected for use in generationof a risk prediction. In some embodiments these one or several featurescan comprise the set of features generated in block 768 or a subset ofthe set of features generated in block 768. In some embodiments, forexample, the configuration profile can identify specific features foruse in generation of a risk prediction. In spite of this, the set offeatures generated in block 768 may be larger and include more featuresthan those required for risk prediction according to the configurationprofile. These additional features, while not used for generation of therisk prediction, may be useful in creating a comprehensive and rich setof features which can enable further analysis or the generation ofadditional predictions. In such embodiments in which the set of featurescreated in block 768 includes features unnecessary for the riskprediction, the identification of a subset of features for inputtinginto the prediction engine 716 as indicated in block 770 can comprisethe selection of features identified in the configuration profile fromthe set of features generated in block 768. The evaluation and/orfeatures generated in block 768 can be stored in the memory 104 asindicated in block 769, and can be specifically stored in the userprofile database 301 and/or the event database 312.

After features for use in generating the risk prediction have beenidentified, the process 750 proceeds to block 772 wherein a riskprediction is generated. This risk prediction can be generated by theserver 102 and specifically by the prediction engine 716 encoding theclassifier 718. This risk prediction can be generated by inputting thefeatures identified in block 770 into the prediction engine 716 andspecifically in the classifier 718 and the execution of code oralgorithms associated with the prediction engine 716 and/or theclassifier 718. In some embodiments, the feature selected in block 770can be inputted into a machine-learning algorithm which can output arisk prediction.

At block 774 the user for whom the risk prediction was generated inblock 772 is identified as belonging to one or several risk categoriesand/or one or several relevant risk categories identified as applying tothe user for whom the risk prediction was generated. In someembodiments, this can include placing the user in a group identified asat risk, placing the user in a group identified as having anintermediate risk, or placing the user in a group identified as having alow risk. As indicated in block 775, the risk prediction and/or theidentified relevant risk cohort can be stored in the memory 104 asindicated in block 775. Specifically the risk prediction and/or therelevant risk cohort can be stored in the user profile database 301 ofthe memory 104.

At block 776, one or several second-level features can be generated bythe server. The second level features can be derivative features orchild features of the first-level features generated in block 768. Thesecond-level features can be generated by the feature factory 706 andspecifically by the feature engine 710 according to instructions and/orguidelines retrieved from the memory 104 and specifically from the eventdatabase 312. The generated second-level features can be stored in thememory 104 as indicated in block 777, and can be specifically stored inthe user profile database 301 and/or the event database 312.

After the second-level features have been generated, the second-levelfeatures can be evaluated to determine the presence of one or severalanomalies in the second-level features and/or to generate a riskprediction based on the second-level features as indicated in block 778.As discussed above with respect to FIG. 17, these anomalies can beidentified via a comparative process and/or the risk prediction can begenerated via the input of one or several second-level features into theprediction engine 716. Any identified anomaly or generated riskprediction for the second-level features can be stored in the memory104.

At block 780 one or several graphical risk depictions are generatedbased on the one or several anomalies identified in block 778 and/orbased on the risk prediction generated in block 778. These graphicalrisk depictions can be generated by the server and specifically by thealgorithm monitoring API 724. As indicated in block 782 the server candirect the launch and/or control the user interface that can be, forexample, located on one of the user devices 106 and/or on the supervisordevice 110. As indicated in block 784, the user interface can launch andthe user, in this case the supervisor, can interact with user-interfaceto switch between views and/or two received desired information. In someembodiments, the user can interact with the user interface so as togenerate and send a communication as indicated in block 786. This can bedone based on information, and specifically cohort communicationinformation that can be retrieved from the memory 104 as indicated inblock 787. The communication can then be sent to one or several userdevices 106 from the supervisor device 110 via the communication network120 and can be received at the one or several recipient user devices 106as indicated in block 788.

With reference now to FIG. 20, a flowchart illustrating one embodimentof a process 800 for automatic alert triggering is shown. The process800 can be performed by all or portions of the content distributionnetwork 100 and specifically by one or more servers 102. The process 800begins at block 802 wherein a communication is received by the server102 from the user device 106 the communication network 120. Thiscommunication can comprise one or several electrical signals that canidentify user interactions with all or portions of the contentdistribution network and/or content distributed by the contentdistribution network 100 to the user. This communication can comprise apayload that can be, for example, a response to one or several questionsor one or several question parts. In some embodiments, this payload canfurther identify the content and/or question giving rise to theresponse.

After the communication is received, the process 800 proceeds to block804 wherein evaluation data is received. In some embodiments, the server102 can query the database server 104 for evaluation information toevaluate the response received as a part of the communication in block802. The memory 104 can identify this evaluation information within oneof the databases, and specifically within the evaluation database 308and can provide this evaluation information to the server 102. After theevaluation data is received, the process 800 can proceed to block 806wherein the communication, and specifically the response contained inthe communication can be evaluated. This evaluation can be performed bythe response system 406 and specifically by the response processor 678of the server 102 and can include determining whether and/or the degreeto which the user correctly responded to one or several questions orquestion parts.

After the communication has been evaluated, the process 800 proceeds toblock 808 wherein feature creation data is received and/or retrieved. Insome embodiments, the feature creation data can be received and/orretrieved from the database server 104 and specifically from the eventdatabase 312 in the database server 104. In some embodiments, the server102 can request feature creation data from the database server 104,which request can include user metadata identifying one or severalattributes of the user and/or metadata associated with the providedquestion are content to which the response to the communication wasreceived. The database server 104 can identify the relevant featurecreation data and can provide the relevant feature creation data to theserver 102. At block 810, the server 102, and specifically the featureengine 710 of the feature factory 706 can generate features according tothe received feature creation data. In some embodiments, this caninclude the generation of one or several meaningful features based onthe evaluation of the received communication, and/or in someembodiments, this can include the generation of one or severalnon-meaningful features. In some embodiments this can include thenormalization performed by the normalization engine 708 before thegeneration of features by feature engine 710.

After the features have been generated, the process 800 proceeds toblock 812 wherein a machine-learning algorithm is identified. In someembodiments, this can be the machine-learning algorithm which can be,for example, a model or classifier for use in generating the desiredrisk prediction. The machine-learning algorithm can include at least oneof: a linear classifier; a Random Forrest algorithm; an ArtificialNeural Network; an AdaBoost algorithm; a Naïve Bayes algorithm; BoostingTree, and a Support Vector Machine. In some embodiments, for example,the configuration profile may identify a specific learning algorithm,model, and/or classifier in addition to specifying which features are tobe used for generating the risk prediction. If such a learningalgorithm, model, and/or classifier is identified, the server 102 canrequest this learning algorithm, model, and/or classifier from thedatabase server 104 and specifically from the model database 309. Thedatabase server 104 can retrieve the requested learning algorithm,model, and/or classifier and can provide data associated therewithand/or the learning algorithm, model, and/or classifier to the server102.

At block 814 some or all of the generated features are inputted into thelearning algorithm, model, and/or classifier. At block 816, a riskprediction is generated by the prediction engine 716 and specifically bythe classifier 718. In some embodiments, the prediction engine 716 canoutput a risk prediction or can output an indication that insufficientfeatures have been provided to generate a risk prediction. After therisk prediction is generated, the process 800 proceeds to block 818wherein the user's category is in one of several risk categoriesaccording to the risk level. In some embodiments, the categorization canbe performed by the server 102 and specifically by the prediction engine716. In some embodiments, this categorization can be performed bycomparing the risk prediction to threshold values delineating betweenthe several risk categories. Based on the result of the comparisonbetween the risk prediction of the threshold values, the user can beidentified as belonging to one of the risk categories and user metadatastored in the user profile database 301 can be updated to reflect thiscategorization. In embodiments in which there are insufficient featuresto generate a risk prediction, the user can be identified as belongingto a category indicative of having no risk prediction and/or of lackingsufficient features to generate a risk prediction.

At block 820 one or several graphical depictions of risk are generated.In some embodiments, these graphical depictions of risk can take therisk level of the user from which the communication was received inblock 802, the sources of risk, change in risk over time, or the like.These graphical depictions of risk can be generated by the risk API 722which can be a part of, or operating on the server 102. After thegraphical risk depictions have been generated, the process 800 proceedsto block 822 wherein the risk prediction is compared to an alert riskthreshold. In some embodiments, the alert risk threshold can delineatebetween instances in which the risk prediction is sufficiently high soas to warrant an intervention or remediation from instances in which therisk prediction is not sufficiently high so as to warrant interventionor remediation. The risk alert threshold can be retrieved from thedatabase server 104, and specifically from the threshold database 310.

If it is determined that an intervention is identified based on thecomparison of the risk prediction and the alert risk threshold, then theprocess 800 proceeds to block 824 wherein an intervention is identified.In some embodiments, intervention can be identified based on usermetadata and metadata associated with the question and/or content givingrise to the communication received from the user in block 802. Thisintervention can be retrieved from the database server, and specificallyfrom the content library database 303 of the database server 104.

After the intervention has been identified, or after determining thatthe risk prediction does not warrant an intervention, the process 800proceeds to block 826 wherein an alert is generated and displayed and/ordelivered. In some embodiments, the alert can comprise an indication ofa risk level such as, for example, some of the one or several graphicaldepictions of risk generated in block 820. In some embodiments, thealert can comprise a user interface containing these graphicaldepictions of risk for the user or for a group to which the userbelongs. In some embodiments, the alert can comprise an electroniccommunication sent from the server 102 to the user device 106 and/orsupervisor device 110. This electronic communication can include code todirect the launch of the user interface and a display of the graphicalrisk depictions generated in block 820. In some embodiments, the alertcan further be configured to deliver an indication of the interventionidentified in block 824.

With reference now to FIG. 21, a flowchart illustrating one embodimentof a process 830 for triggering a pre-emptive alert is shown. Theprocess 830 can be performed by all or portions of the contentdistribution network. The process 830 begins at block 832 wherein acommunication is received by the server 102 from the user device 106 orthe communication network 120. This communication can comprise one orseveral electrical signals that can identify user interactions with allor portions of the content distribution network and/or contentdistributed by the content distribution network 100 to the user. Thiscommunication can comprise a payload that can be, for example, aresponse to one or several questions or one or several question parts.In some embodiments, this payload can further identify the contentand/or question giving rise to the response.

After the communication is received, the process 830 proceeds to block834 wherein feature creation data is received and/or retrieved. In someembodiments, the feature creation data can be received and/or retrievedfrom the database server 104 and specifically from the event database312 in the database server 104. In some embodiments, the server 102 canrequest feature creation data from the database server 104, whichrequest can include user metadata identifying one or several attributesof the user and/or metadata associated with the provided question arecontent to which the response to the communication was received. Thedatabase server 104 can identify the relevant feature creation data andcan provide the relevant feature creation data to the server 102. Atblock 836, the server 102, and specifically the feature engine 710 ofthe feature factory 706 can generate features according to the receivedfeature creation data. In some embodiments, some or all of the generatedfeatures can be meaningful, and/or in some embodiments some or all ofthe features can be non-meaningful. In some embodiments this can includethe normalization performed by the normalization engine 708 before thegeneration of features by feature engine 710.

In block 838 risk calculation information is retrieved. In someembodiments, the risk calculation information can comprise portions ofthe configuration profile identifying a subset of features for use ingenerating the risk prediction. The configuration profile and thus therisk calculation information can be identified based on one or severaltraits or attributes of the user as identified in the user metadata.After the risk calculation information has been retrieved, the process830 proceeds block 840 wherein a sub-set of features is selected. Insome embodiments, for example, the feature set generated in block 836includes more features than identified in the risk calculationinformation for use in calculating the user's risk prediction. In suchan embodiment, the sub-set of features is selected from the feature setgenerated in block 836, which sub-set of features coincides with thefeatures identified in the configuration profile.

After the sub-set of features is selected, the process 830 proceeds toblock 842 wherein a machine-learning algorithm is identified. In someembodiments, this can be the machine-learning algorithm which can be,for example, a model or classifier, such as a linear classifier or aprobabilistic classifier, for use in generating the desired riskprediction. In some embodiments, the machine-learning algorithm, model,or classifier can comprise one of: Random Forrest algorithm; anArtificial Neural Network; an AdaBoost algorithm; a Naïve Bayesalgorithm; Boosting Tree, and a Support Vector Machine. In someembodiments, for example, the configuration profile may identify aspecific learning algorithm, model, and/or classifier in addition tospecifying which features to be used for generating the risk prediction.If such a learning algorithm, model, and/or classifier is identified,the server 102 can request this learning algorithm, model, and/orclassifier from the database server 104 and specifically from the modeldatabase 309. The database server 104 can retrieve the requestedlearning algorithm, model, and/or classifier and can provide dataassociated therewith and/or the learning algorithm, model, and/orclassifier to the server 102.

After the machine-learning algorithm has been identified, the process830 proceeds to block 844 wherein the sub-set of features is input intothe machine-learning algorithm. In some embodiments, this can includethe formatting or modification of the features so as to correspond withrequirements of the machine-learning algorithm. After the sub-set offeatures has been inputted into the machine-learning algorithm, theprocess 830 proceeds to block 846 wherein the risk prediction isgenerated by the machine-learning algorithm selected in block 842. Insome embodiments, after the generation of the risk prediction, theprocess 830 can proceed to blocks 822 through 826 of FIG. 20.

With reference now to FIG. 22, a flowchart illustrating one embodimentof a process 850 for on-the-fly alert triggering customization is shown.The process 850 can be performed by all or portions of the contentdistribution network 100. The process 850 begins at block 852 wherein acommunication is received by the server 102 from the user device 106 onthe communication network 120. This communication can comprise one orseveral electrical signals that can identify user interactions with allor portions of the content distribution network and/or contentdistributed by the content distribution network 100 to the user. Thiscommunication can comprise a payload that can be, for example, aresponse to one or several questions or one or several question parts.In some embodiments, this payload can further identify the contentand/or question giving rise to the response. In some embodiments,communications can be received from multiple devices, and specificallyfrom a first user device and a second user device.

After the communication is received, the process 850 proceeds to block854 wherein evaluation data is received. In some embodiments, the server102 can query the database server 104 for evaluation information toevaluate the response received as a part of the communication in block802. The memory 104 can identify this evaluation information within oneof the databases, and specifically within the evaluation database 308and can provide this evaluation information to the server 102. After theevaluation data is received, the process 850 can proceed to block 856wherein the communication, and specifically the response contained inthe communication can be evaluated. In embodiments in whichcommunications are received from multiple devices, communications fromeach of the multiple devices can be evaluated, thus the communicationfrom the first user device 106 can be evaluated and the communicationfrom the second user device 106 can be evaluated. This evaluation can beperformed by the response system 406 and specifically by the responseprocessor 678 of the server 102 and can include determining whetherand/or the degree to which the user correctly responded to one orseveral questions or question parts.

After the evaluation of the communication, the process 850 proceeds toblock 858 wherein user metadata is received. In some embodiments, theuser metadata can be received by the server 102 from the database server104, and specifically from the user profile database 301 of the databaseserver 104. In some embodiments, all or portions of the user metadataare unique to the user of the user device 106 and in some embodiments,all or portions of the user metadata are non-unique to the user of theuser device 106. In embodiments in which the metadata are unique, themetadata can be generated based on the individual user's interactionswith the content of the content distribution network 100, and inembodiments in which the metadata are non-unique, the metadata can begenerated based on the individual user's belonging to a group or cohortsuch as, for example, a class, a school, a program, or the like. In someembodiments, non-unique user metadata can be shared by a group or cohortof users sharing at least one common attribute. In embodiments in whichcommunications are received from multiple user devices, user metadatacan be received for the user of each of the user devices 106 from whicha communication is received.

After the user metadata is received, the process 850 proceeds to block860 wherein a risk calculation customization is identified. In someembodiments, the risk calculation customization can correspond tofeatures used for a risk prediction and/or the machine-learningalgorithm used for the risk prediction. The risk calculationcustomization can be identified in the configuration profile which canidentify a sub-set of features for use in generating the risk predictionand/or the machine-learning algorithm, model, and/or classifier for usein generating this risk prediction. In embodiments in whichcommunications are received from multiple user devices, a configurationprofile for each of the user devices 106 can identified. Theconfiguration profile and thus the risk customization can be identifiedbased on one or several traits or attributes of the user as identifiedin the user metadata.

After the risk calculation customization is generated, the process 850proceeds to block 862, wherein feature creation data is received and/orretrieved. In some embodiments, the feature creation data can bereceived and/or retrieved from the database server 104 and specificallyfrom the event database 312 in the database server 104. In someembodiments, the server 102 can request feature creation data from thedatabase server 104, which request can include user metadata identifyingone or several attributes of the user and/or metadata associated withthe provided question are content to which the response to thecommunication was received. The database server 104 can identify therelevant feature creation data and can provide the relevant featurecreation data to the server 102. At block 864, the server 102, andspecifically the feature engine 710 of the feature factory 706 cangenerate features, and specifically a set of features according to thereceived feature creation data. In some embodiments this can include thenormalization performed by the normalization engine 708 before thegeneration of features by feature engine 710. In some embodiments, theset of features generated in step 862 coincides with the featuresidentified in the risk calculation customization, and in someembodiments, features in addition to those identified in the riskcalculation customization are generated. In embodiments in whichcommunications are received from multiple user devices 106, a set offeatures can be generated for communications from each of the multipleuser devices 106.

After the feature set is generated, the process 850 proceeds to block866 wherein a sub-set of features is identified and selected. In someembodiments, the sub-set of features is selected from the feature setgenerated in block 864, which sub-set of features coincides with thefeatures identified in the configuration profile. In embodiments inwhich communications are received from multiple user devices 106, asub-set of features can be identified from the set of features createdfor each of the user devices 106.

After the sub-set of features is selected, the process 850 proceeds toblock 868 wherein a machine-learning algorithm is identified. In someembodiments, this can be the machine-learning algorithm which can be,for example, a model or classifier for use in generating the desiredrisk prediction. In some embodiments, for example, the configurationprofile may identify a specific one of several learning algorithms,models, and/or classifiers in addition to specifying which features areto be used for generating the risk prediction. In some embodiments, theconfiguration profile can be based on portions of the user metadata thatare unique to the user and/or on portions of the user metadata that arenon-unique to the user. If such a learning algorithm, model, and/orclassifier is identified, the server 102 can request this learningalgorithm, model, and/or classifier from the database server 104 andspecifically from the model database 309. In embodiments in whichcommunications are received from multiple user devices 106, a learningalgorithm can be identified for the risk prediction for each of the userdevices 106, which learning algorithm can be identified based on theconfiguration profile of each of the user devices 106. The databaseserver 104 can retrieve the requested learning algorithm, model, and/orclassifier and can provide data associated therewith and/or the learningalgorithm, model, and/or classifier to the server 102.

After the learning algorithm has been identified, the process 850proceeds to block 872, wherein the sub-set of features is input into themachine-learning algorithm. In some embodiments, this can include theformatting or modification of the features so as to correspond withrequirements of the machine-learning algorithm. In embodiments in whichcommunications are received from multiple user devices 106, a sub-set offeatures selected for each of the user devices 106 from which acommunication was received can be inputted into the machine-learningalgorithm identified for the user associated with that user device 106in block 868. In some embodiments, inputting the sub-set of featuresinto the classifier can comprise: generating a feature vector for eachof the features in the sub-set of features; and inputting the featurevectors into the classifier. After the sub-set of features has beeninputted into the machine-learning algorithm, the process 850 proceedsto block 874 wherein the risk prediction is generated by themachine-learning algorithm selected in block 868. In embodiments inwhich communications are received from multiple user devices 106, thiscan include the generation of multiple risk predictions.

After the risk prediction is generated, the process 850 proceeds toblock 876, wherein an alert is generated and displayed and/or delivered.In some embodiments, the alert can comprise an indication of a risklevel such as, for example, some of the one or several graphicaldepictions of risk. In some embodiments, the alert can comprise a userinterface containing these graphical depictions of risk for the user orfor a group to which the user belongs. In embodiments in whichcommunications are received from multiple user devices 106, this caninclude the generating and sending of an alert to some or all of theuser devices 106 from which a communication was received in block 852.In some embodiments, the alert can comprise an electronic communicationsent from the server 102 to the user device 106 and/or supervisor device110. This electronic communication can include code to direct the launchof the user interface and a display of the graphical risk depictions. Insome embodiments, the alert can further be configured to deliver anindication of the intervention identified in block 824.

With reference now to FIG. 23, a flowchart illustrating one embodimentof a process 900 for user-independent second-level machine-learningalert triggering is shown. The process 900 can be performed by all orportions of the content distribution network 100 and specifically by theserver 102. The process 900 begins at block 902 wherein a communicationis received by the server 102 from at least one user device 106, andspecifically from a first user device and a second user device via thecommunication network 120. This communication can comprise one orseveral electrical signals that can identify user interactions with allor portions of the content distribution network and/or contentdistributed by the content distribution network 100 to the user. Thiscommunication can comprise a payload that can be, for example, aresponse to one or several questions or one or several question parts.In some embodiments, this payload can further identify the contentand/or question giving rise to the response.

After the communication is received, the process 900 proceeds to block904 wherein evaluation data is received. In some embodiments, the server102 can query the database server 104 for evaluation information toevaluate the response received as a part of the communication in block902. The memory 104 can identify this evaluation information within oneof the databases, and specifically within the evaluation database 308and can provide this evaluation information to the server 102. In someembodiments, this can include identifying first evaluation data forevaluating the communication received from the first user device andidentify second evaluation data for evaluating the communicationreceived from the second user device. After the evaluation data isreceived, the process 900 can proceed to block 906 wherein thecommunications, and specifically the responses contained in thecommunications can be evaluated. This evaluation can be performed by theresponse system 406 and specifically by the response processor 678 ofthe server 102 and can include determining whether and/or the degree towhich the users correctly responded to one or several questions orquestion parts.

After the communications have been evaluated, the process 900 proceedsto block 908 wherein first-level feature creation data is receivedand/or retrieved. In some embodiments, the first-level feature creationdata can be received and/or retrieved from the database server 104 andspecifically from the event database 312 in the database server 104. Insome embodiments, the server 102 can request first-level featurecreation data from the database server 104, which request can includeuser metadata identifying one or several attributes of the users and/ormetadata associated with the provided questions or content to which theresponses to the communication was received. The database server 104 canidentify the relevant first-level feature creation data and can providethe relevant first-level feature creation data to the server 102. Atblock 910, the server 102, and specifically the feature engine 710 ofthe feature factory 706 can generate first-level features according tothe received first-level feature creation data. In some embodiments thiscan include the normalization performed by the normalization engine 708before the generation of features by feature engine 710. In someembodiments, a first set of first-level features can be generated forcommunications received from the first user device and a second set offirst-level features can be generated for communications received fromthe second user device.

After the first-level features have been generated, the process 900proceeds to block 912 wherein first-level risk predictions aregenerated, and specifically wherein a first first-level risk predictionis generated based on the first set of first-level features generatedfor communications received from the first user device and a secondfirst-level risk prediction is generated based on the second set offirst-level features generated for communications received from thesecond user device. In some embodiments, the generation of thefirst-level predictions can include the inputting of the first-levelfeatures into a machine-learning algorithm, model, and/or classifierthat can reside within the prediction engine 716 of the server 102.

After the first-level risk predictions have been generated, the process900 proceeds to block 914 wherein first level features are aggregated.In some embodiments, for example, the first-level features can beaggregated for individuals from whose communications the first-levelfeatures were generated and/or the first-level features can beaggregated for groups of individuals sharing at least one commonattribute from whose communications the first-level features weregenerated. In some embodiments, first-level features can be aggregatedin the database server 104 and specifically within the event database312.

As the first-level features are aggregated, an attribute of theaggregation of first level features can be compared to a threshold ortrigger or generation of second-level features. In some embodiments,this trigger can be based on an amount of lapsed time since the start ofaggregation of first-level features and/or since the last generation ofsecond-level features, and in some embodiments, this trigger can bebased on a number of aggregated first-level features. In embodiments inwhich first-level features are aggregated for a period of time followedby creation of second-level features, first level features can beaggregated over a series of sequential predetermined periods of time. Insome embodiments, a set of second-level features can be generated at theconclusion of the periods of time in the series of sequentialpredetermined periods of time. In some embodiments, the triggering ofthe second-level feature calculation can include comparing the amount oflapsed time to the threshold and/or comparing the number of aggregatedfirst-level features to the threshold. If the special has been met orexceeded, then second-level feature calculation can be triggered.

After the triggering of second-level feature calculation, the process900 proceeds to block 918 wherein second-level feature creation data isretrieved or received. In some embodiments, the second-level featurecreation data can be retrieved from the database server 104 by theserver 102, and can be specifically retrieved from the event database312 by the server 102. In some embodiments, the second-level featurecreation data can include instructions for the creation and/orgeneration of second-level features from the first level featuresgenerated from or based on the digital communications received from theuser devices 106 in block 902.

After the second-level feature creation data has been received, theprocess 900 proceeds to block 920 wherein second-level features aregenerated. In some embodiments, second-level features can be generatedaccording to the second-level feature creation data retrieved in block919 by the feature factory 706 and specifically by the feature engine710 of the feature factory 706. The second-level features can begenerated from first-level features generated from communicationsreceived from a single user device or from first-level featuresgenerated from communications received from multiple user devices. Thegenerated second-level features can be stored in the database server 104and specifically within the event database 312 of the database server104 and/or in the user profile database 301 of the database server 104.

After the second-level features have been generated, the process 900proceeds block 922 wherein a second level risk prediction is generated.In some embodiments, the second-level risk prediction can be generatedby inputting some or all of the second-level features into theprediction engine 716 and specifically into the classifier 718 of theprediction engine 716. In some embodiments, the generation of thesecond-level risk prediction can include the identifying of a set ofsecond-level features for inputting into the prediction engine 716. Insome embodiments, this set of second-level features can includesecond-level features generated from first level features generated fromcommunications received from multiple user devices. In such anembodiment, the set of second-level features can be selected based on atleast one common attribute of users from whose communications thefirst-level features, and ultimately the second-level features aregenerated. In some embodiments, this set of second-level features canthen be inputted into the prediction engine 716 which can generate arisk prediction that is nonspecific to the user of the first user deviceas the risk prediction is based off of second-level features ultimatelygenerated from communications from multiple user devices 106.

In some embodiments, the generation of the risk prediction can includethe identification of an anomaly within a set of second-level features.In such an embodiment, generating the risk prediction includesidentifying a set of second-level features that include second-levelfeatures generated ultimately based on communications from one or moreuser devices such as, for example, the first user device and the seconduser device. As discussed above, this set of second-level features canbe identified based on a shared attribute of the users of the userdevices. After the set of second-level features is identified, one orseveral similar second-level feature sets can be identified. These oneor several similar second-level feature sets can share the same commonattribute as shared by users for whom the set of second-level featuresis identified. However, these one or several similar second-levelfeature sets can be associated with other user devices and/or with firstlevel features generated based on communications from other userdevices.

After the similar second-level feature sets have been identified, ananomaly in the second-level feature set can be identified. This anomalycan be identified through a comparison of the second-level feature setand the one or several similar second-level feature sets. Thiscomparison can be performed by the server 102.

After the second-level risk prediction is generated, the process 900 canproceed to block 924 wherein an alert is generated and displayed and/ordelivered. In some embodiments, this can include indicating the riskbased on the identified anomaly, which risk is nonspecific to anyindividual user, but is rather specific to the group of users for whomsecond-level features in the set of second-level features weregenerated. In some embodiments, the alert can comprise an indication ofa risk level such as, for example, some of the one or several graphicaldepictions of risk generated. In some embodiments, the alert cancomprise a user interface containing these graphical depictions of riskfor the user or for a group to which the user belongs. In someembodiments, the alert can comprise an electronic communication sentfrom the server 102 to the user device 106 and/or supervisor device 110.This electronic communication can include code to direct the launch ofthe user interface and a display of the graphical risk depictions.

With reference now to FIG. 24, a flowchart illustrating one embodimentof a process 930 for triggering second-level feature generation isshown. The process 930 can be performed as a part of, or in the place ofblock 916 of FIG. 23. The process 930 can be performed by the contentdistribution network 100 and/or components thereof including the server102. The process 930 begins at block 932, wherein a first-level featureis added to a feature aggregation. In some embodiment, this featureaggregation can be an aggregation for an individual from whosecommunications the first-level features were generated and/or thisfeature aggregation can be an aggregation for a group of individualssharing at least one common attribute and from whose communications thefirst-level features were generated. In some embodiments, first-levelfeatures can be aggregated in the database server 104 and specificallywithin the event database 312.

After the feature has been added to the aggregation, the process 930proceeds to block 934, wherein a number of aggregated features and/orthe amount of passed time since the most recent second-level featuregeneration was triggered. In some embodiments, for example, a timer canbe started after the triggering of the second-level feature generation.When this timer reaches a threshold value, then another second-levelfeature generation can be triggered. Alternatively, in some embodimentsa count is reset after the triggering of the second-level featuregeneration. This count is incremented when a first-level feature isadded to the aggregation associated with the content. When the countreaches or exceeds a threshold value, then the new second-level featuregeneration is triggered and the count can reset. In some embodiments,the value of this count and/or the value of this timer is determined bythe server 102 and step 934.

After the number of aggregated features and/or the amount of passed timehas been determined, the process 930 proceeds to block 936 wherein ageneration threshold is retrieved. In some embodiments, the generationthreshold can delineate between instances in which a generation ofsecond-level features is indicated and instances in which a generationof second-level features is not indicated. The generation threshold canbe retrieved from the database server 104 and specifically from thethreshold database 310.

After the generation threshold has been retrieved, the process 930proceeds to block 938 wherein numbers and/or the timer is compared tothe generation threshold. Then the process 930 proceeds to decisionstate 940 wherein it is determined that threshold has been reached. Ifit is determined that the threshold has not been reached, then theprocess 930 returns to block 932 and continues as outlined above.Alternatively, if it has been determined that the threshold has beenreached and that the second-level feature generation is indicated, thenthe timer and/or the count can reset and the process 930 continues toblock 942 and proceeds to block 918 of FIG. 23. In some embodiments, theprocess 930 further returns to block 932 and continues as outlined abovewith the aggregation of new first-level features.

With reference now to FIG. 25, a flowchart illustrating one embodimentof a process 950 for generating second-level risk predictions is shown.The process 950 can be performed as a part of or in the place of thestep of block 922 of FIG. 23. The process 950 begins a block 952 whereina second-level feature set is identified. This second-level feature setincludes second-level features generated ultimately based oncommunications from one or more user devices such as, for example, thefirst user device and the second user device. As discussed above, thisset of second-level features can be identified based on a sharedattribute of the users of the user devices. The second-level feature setcan be identified by the server 102.

After the second-level feature set has been identified, the process 950proceeds to block 954 wherein a corresponding second-level comparisonset, also referred to herein as an similar second-level feature set isidentified. These one or several similar second-level feature sets canshare the same common attribute as shared by users for whom the set ofsecond-level features is identified. However, these one or severalcorresponding second-level feature sets can be associated with otheruser devices and/or with first level features generated based oncommunications from other user devices. These one or several similarsecond-level feature sets can be identified from a plurality ofsecond-level feature sets stored in the database server 104 andspecifically in the event database 312 of the database server 104. Theseone or several similar second-level feature sets can be identified viacomparison of the one or several shared attributes making the usersassociated with the second-level feature set identified in block 952 toone or several traits or attributes associated with some or all of theplurality of second-level feature sets stored in the database server104. This comparison can be performed by the server 102.

After the similar second-level feature set has been identified, theprocess 950 proceeds block 956 wherein the feature set identified inblock 952 is compared to the one or several corresponding second-levelfeature sets identified in block 954. Based on this comparison, ananomaly in the second-level feature set identified in block 952 can beidentified. In some embodiments, an anomaly can be identified when allor portions of the second-level feature set deviates from all orportions of the corresponding similar second-level feature set by morethan a threshold value or threshold percentage. In some embodiments, theidentification the anomaly can thus include a determination of a deltavalue characterizing the difference between all or portions of thesecond-level feature set and all or portions of the correspondingsimilar second-level feature set, comparing this delta value to ananomaly threshold value which can be retrieved from the thresholddatabase 310, and identifying an anomaly in the delta value meets orexceeds the anomaly threshold value. Based on the comparison performedin block 956, an anomaly can be identified in some embodiments in block958. If the anomaly is identified, then, as indicated in block 959, arisk value is indicated based on the identified anomaly. In someembodiments, this risk value can increase based on the number ofanomalies identified in the comparison and/or based on the magnitude ofone or several anomalies identified in the comparison. After the riskhas been indicated, then the process 950 can terminate and/or proceed toblock 924 of FIG. 23.

With reference now to FIG. 26, a flowchart illustrating one embodimentof a process 960 for generating second-level risk predictions is shown.The process 960 can be performed as a part of or in the place of thestep of block 922 of FIG. 23. The process 960 begins a block 962 whereina second-level feature set is identified. This second-level feature setincludes second-level features generated ultimately based oncommunications from one or more user devices such as, for example, thefirst user device and the second user device. As discussed above, thisset of second-level features can be identified based on a sharedattribute of the users of the user devices. The second-level feature setcan be identified by the server 102.

After the second-level feature set is identified, the process 960proceeds to block 964 wherein a machine-learning algorithm, model,and/or classifier is identified. In some embodiments, themachine-learning algorithm, model, and/or classifier can be identifiedthat is trained to generate a risk prediction based on second-levelfeatures, and specifically based on the second-level features in theidentified second-level feature set. In some embodiments, themachine-learning algorithm, model, and/or classifier can be identifiedfrom one of a plurality of machine-learning algorithms, models, and/orclassifiers stored in the database server 104 and specifically withinthe model database 309 of the database server 104.

After the classifier has been identified, the process 960 proceeds toblock 966 wherein the second-level features in the identifiedsecond-level feature set are inputted into the machine-learningalgorithm, model, and/or classifier. In some embodiments, this caninclude generating a feature vector for each of the features in thesecond-level feature set; and inputting the feature vectors into themachine-learning algorithm, model, and/or classifier. After thesecond-level features in the identified second-level feature set areinputted into the machine-learning algorithm, model, and/or classifier,the process 960 proceeds to block 968 wherein a risk prediction isgenerated. In some embodiments, the risk prediction can be generated bythe implementation and/or execution of code associated with and/orforming the machine-learning algorithm, model, and/or classifier. Themachine-learning algorithm, model, and/or classifier can output the riskprediction. After the risk has been indicated, then the process 950 canterminate and/or proceed to block 924 of FIG. 23.

With reference now to FIG. 27, a flowchart illustrating one embodimentof a process 970 for inputting features into the prediction engine 716,and specifically into the machine-learning algorithm, model, and/orclassifier is shown. The process 970 begins at block 972 wherein featurevectors are generated. In some embodiments, a feature vector can begenerated for each and/or for one or several of the features in a set offeatures and/or in the subset of features to be inputted into theprediction engine 716. These feature vectors can comprise n-dimensionalvectors of the numerical features. The feature vectors can be generatedby the feature factory 706.

After the feature vectors have been generated, the process 970 proceedsto block 974, wherein the feature vectors are inputted into theprediction engine 716, and specifically into the machine-learningalgorithm, model, and/or classifier. After the feature vectors areinputted into the prediction engine 716, and specifically into themachine-learning algorithm, model, and/or classifier, the predictionengine 716, and specifically into the machine-learning algorithm, model,and/or classifier can operate according to its training to output a riskprediction.

With reference now to FIG. 28, a flowchart illustrating one embodimentof a process 1000 for delivery of a triggered alert is shown. Theprocess 1000 can be performed by all or portions of the contentdistribution network 100, and specifically by the server 104 and thepresentation system 408 thereof.

The process 1000 begins at block 1002, wherein a communication isreceived by the server 102 from at least one user device 106, andspecifically from a first user device and a second user device via thecommunication network 120. This communication can comprise one orseveral electrical signals that can identify user interactions with allor portions of the content distribution network and/or contentdistributed by the content distribution network 100 to the user. Thiscommunication can comprise a payload that can be, for example, aresponse to one or several questions or one or several question parts.In some embodiments, this payload can further identify the contentand/or question giving rise to the response.

After the communication has been received, the process 1000 proceedsblock 1004 wherein a risk prediction is generated. In some embodiments,the risk prediction can be generated by the server 102 and specificallyby the feature factory 706 and/or the prediction engine 716. In someembodiments, generating the risk prediction can include receivingevaluation data, evaluating the communication, generating one or severalfeatures based on the received communication, generating one or severalfeature vectors from the generated features, inputting the generated oneor several feature vectors into the prediction engine 716, andoutputting a risk prediction from the prediction engine 716.

After the risk prediction has been generated, the process 1000 proceedsblock 1006 wherein generation of the user interface is directed and/orcontrolled. In some embodiments, this can include generating one orseveral control signals of the server and sending those one or severalcontrol signals to a device that can include the user device and/or theycan be different than the user device 106, and specifically to asupervisor device 110. In some embodiments, these one or several controlsignals can direct the I/O subsystem 526 of the recipient device togenerate and display a user interface which can include a cohort view, asub-cohort view, and an individual view. In some embodiments, the servercan direct and/or control generation of the user interface with at leastone of: the risk API 722; the algorithm monitoring API 724, and theinterface engine 726.

The cohort view can relate to a plurality of users belonging to a commoncohort in such as, for example, a common class, course, or the like. Thecohort view can include at least one graphical depiction of a riskprediction for a set of at least some of a plurality of users in thatcohort. In some embodiments, the at least one graphical depiction of therisk prediction for the set of at least some of the plurality of usersin the cohort includes: a cohort window that can identify a currentbreakdown of users in the cohort into a plurality of risk-basedsub-cohorts, and a trend window that can display a depiction of thetime-dependent change to a size of the risk-based sub-cohorts. In someembodiments, the trend window can display the depiction of thetime-dependent change to the size of the risk-based sub-cohorts over asliding temporal window. In some embodiments, the trend window canautomatically update as the size of the risk-based sub-cohorts changesand as the sliding temporal window shifts with the passage of time.

The sub-cohort view can relate to a subset of the plurality of usersbelonging to a common cohort. This subset can be identified based on ashared common trait of users in the subset such as, for example, ashared risk categorization. The sub-cohort view can include at least onegraphical depiction of a risk prediction for at least one of the usersin the cohort and/or in the sub-cohort. The at least one graphicaldepiction of the risk prediction for the at least one of the users inthe cohort and/or in the sub-cohort can include: a graphical depictionof a risk category associated with the identified sub-cohort, anidentification window containing information identifying the at leastone of the users in the sub-cohort; a time-dependent risk windowdisplaying risk status over a period of time, and a risk bar identifyinga current risk level.

The individual view can relate to a single user that can, for examplebelong to the cohort and/or to the sub-cohort. In the individual view,information relating to the risk of that individual user can beprovided. In some embodiments, the individual view can include at leastone graphical depiction of risk sources for the user for whom theindividual view is generated. The at least one graphical depiction ofrisk sources for the user for whom the individual view is generated caninclude: a time-dependent risk window that can display risk status overa period of time, and a source window that can identify sources of riskand parameters characterizing those sources of risk.

After the direction and/or control of the generation of the userinterface, the process 1000 proceeds block 1008 wherein one or severaluser inputs corresponding to actions of the user in the user interfaceare received. In some embodiments, these user inputs can be receivedinitially by the I/O subsystem 526 of the device including the userdevice 106 and/or the supervisor device 110. These inputs can beconverted to one or several electrical signals and/or communications andcan be sent to the server 102 via the communication network 120. Theserver can receive these electrical inputs.

After the user inputs have been received, the process 1000 proceeds toblock 1010 wherein views within the user interface are switched and/orare directed or controlled to switch according to the received userinputs. In some embodiments, this can include the generation and/orsending of information from the server 102 to the device including theuser device 106 and/or the supervisor device 110 directing the userinterface to switch from one of the cohort view, the sub-cohort view,and the individual view to another of the cohort view, the sub-cohortview, and the individual view. The steps of block 1008 and 1010 can berepeated until the user terminates interaction with the user interface.

With reference now to FIG. 29, a flowchart illustrating one embodimentof a process 1011 for switching views within the user interface, andspecifically for switching to the sub-cohort view from the cohort viewis shown. The process 1011 can be performed in the place of, or as apart of the step of block 1010 of FIG. 28. The process 1011 begins atblock 1012, wherein a sub-cohort is identified. In some embodiments,this step can include receiving an input at the server 102 from thedevice including the user device 106 and/or the supervisor device 110identifying a display sub-cohort. After the sub-cohort has beenidentified, the process 1011 proceeds to block 1014, wherein a graphicaldepiction of the risk prediction relevant to the sub-cohort view isgenerated. In some embodiments, this can include generating the at leastone graphical depiction of the risk prediction for the at least one ofthe users in the display sub-cohort. After the graphical depiction ofthe risk prediction has been generated, the process 1011 proceeds toblock 1016, wherein the generation of the sub-cohort view is directedand/or controlled. In some embodiments, this can include the generationof one or several control signals by the server 102, and specifically byat least one of: the risk API 722; the algorithm monitoring API 724, andthe interface engine 726, and sending these one or several controlsignals to the device which can include the user device 106 and/or thesupervisor device 110. In some embodiments, these one or several controlsignal can direct the device, and specifically the I/O subsystem 526 ofthe device to generate and provide or display the sub-cohort view andthe generated at least one graphical depiction of the risk predictionfor the at least one of the users in the sub-cohort.

With reference now to FIG. 30, a flowchart illustrating one embodimentof a process 1020 for switching views within the user interface, andspecifically for switching to the individual view is shown. The process1020 can be performed in the place of, or as a part of the step of block1010 of FIG. 28. The process 1020 begins at block 1022, wherein anindividual, also referred to herein as a first user, is identified. Insome embodiments, this step can include receiving an input at the server102 from the device including the user device 106 and/or the supervisordevice 110 identifying the individual. After the individual has beenidentified, the process 1020 proceeds to block 1024, wherein a graphicaldepiction of the risk prediction relevant to the individual view isgenerated. In some embodiments, this can include generating the at leastone graphical depiction of the risk of the individual, the risk overtime of the individual, and/or of risk sources for the identifiedindividual. After the graphical depiction of the risk prediction hasbeen generated, the process 1020 proceeds to block 1026, wherein thegeneration of the individual view is directed and/or controlled. In someembodiments, this can include the generation of one or several controlsignals by the server 102, and specifically by at least one of: the riskAPI 722; the algorithm monitoring API 724, and the interface engine 726,and sending these one or several control signals to the device which caninclude the user device 106 and/or the supervisor device 110. In someembodiments, these one or several control signals can direct the device,and specifically the I/O subsystem 526 of the device to generate andprovide or display the individual view and the generated at least onegraphical depiction of the risk level of the individual, the risk levelover time of the individual, and/or of risk sources for the identifiedindividual for the individual.

With reference now to FIG. 31, a flowchart illustrating one embodimentof a process 1050 for automated customized cohort communication isshown. The process 1050 can be performed by the server 102 and/orcomponents thereof. The process 1050 begins at block 1052, whereincommunications are received by the server 102 from at least one userdevice 106, and specifically from a first user device and a second userdevice via the communication network 120. This communication cancomprise one or several electrical signals that can identify userinteractions with all or portions of the content distribution networkand/or content distributed by the content distribution network 100 tothe user. This communication can comprise a payload that can be, forexample, a response to one or several questions or one or severalquestion parts. In some embodiments, this payload can further identifythe content and/or question giving rise to the response.

After the communication has been received, the process 1050 proceedsblock 1054 wherein a risk prediction is generated. In some embodiments,the risk prediction can be generated by the server 102 and specificallyby the feature factory 706 and/or the prediction engine 716. In someembodiments, generating the risk prediction can include receivingevaluation data, evaluating the communication, generating one or severalfeatures based on the received communication, generating one or severalfeature vectors from the generated features, inputting the generated oneor several feature vectors into the prediction engine 716, andoutputting a risk prediction from the prediction engine 716. Inembodiments in which communications are received from a plurality ofuser devices 106 and specifically from a first user device and a seconduser device, a risk prediction can be generated from communicationsreceived from each of the user devices such that a first risk predictionis generated from one or several communications received from the firstuser device and a second risk prediction is generated from one orseveral communications from the second user device.

After the generation of the risk prediction, the process 1050 proceedsto block 1056 wherein a relevant risk cohort is determined for thegenerated risk prediction. In some embodiments, these risk cohorts canbe standard, predetermined cohorts, and in some embodiments, thesecohorts can be customized by a user. In some embodiments, for example,the cohorts can be customized by the user by the changing of boundariesof the cohorts, the creation of one or several new cohorts, the creationof one or several sub-cohorts, or the like. In some embodiments, thiscan include identifying the user associated with the generated riskprediction as belonging to one or several risk categories, also referredto herein as risk cohorts. In some embodiments, this can include placingthe user in a group identified as at risk, placing the user in a groupidentified as having an intermediate risk, or placing the user in agroup identified as having a low risk. In some embodiments, thedetermination of the relevant risk cohort can include a comparison ofthe generated risk prediction to one or several thresholds thatdelineate between risk cohorts. These thresholds can be retrieved fromthe threshold database 312 of the comparison of the generated riskprediction to these one or several thresholds that can be performed bythe server 102. In embodiments in which risk predictions were generatedfor multiple user devices 106, each of the users is associated with oneof the user devices 106 that can be identified as belonging to a riskcohort based on the generated risk prediction. Thus, in embodiments inwhich the first risk prediction was generated from communications fromthe first user device and the second risk prediction was generated fromcommunications from the second user device, the user associated with thefirst user device can be identified as belonging to a risk cohort andthe user associated with a second user device can be identified asbelonging to a risk cohort. In some embodiments, both the userassociated with the first user device and the user associated with asecond user device can be identified as belonging to the same riskcohort or, the user associated with the first user device can beidentified as belonging to a different risk cohort than the userassociated with the second user device. Thus, in one embodiments, theuser associated with the first user device can be identified asbelonging to a first risk cohort that can be associated with a firstrisk level and the user associated with the second user device can beidentified as belonging to a second risk cohort that can be associatedwith a second risk level. The identification of user inclusion in a riskcohort can be stored in the database server 104, and specifically in theuser profile database 301 of the database server 104.

After identification of inclusion in one or several risk cohorts, theprocess 1050 proceeds to block 1058 wherein generation of the userinterface is directed and/or controlled. In some embodiments, this caninclude generating one or several control signals of the server andsending those one or several control signals to a device that caninclude the user device and/or they can be different than the userdevice 106, and specifically to a supervisor device 110. In someembodiments, these one or several control signals can direct the I/Osubsystem 526 of the recipient device to generate and display a userinterface which can include a cohort view, a sub-cohort view, and anindividual view. In some embodiments, the user interface can furtherinclude one or several communication views which can, for example, allowgeneration and sending of one or several communications to usersincluding users belonging to one or several recipient cohorts. In someembodiments, the user interface can include a graphical depiction of theone or several risk cohorts, and specifically of the first risk cohortand/or the second risk cohort. In some embodiments, this graphicaldepiction can indicate the relative size of the risk cohorts, the numberof users in each of the relative risk cohorts, sources of riskassociated with each of the risk cohorts, or the like. In someembodiments, the server can direct and/or control generation of the userinterface with at least one of: the risk API 722; the algorithmmonitoring API 724, and the interface engine 726.

After the directing and controlling of generation of the user interface,the process 1050 can proceed to block 1060 wherein a communicationrequest is received. In some embodiments, the communication request canbe received by the server 102 from the device which can be, for examplethe user device 106 and/or the supervisor device 110. In someembodiments, the communication request can be received from a deviceother than the first user device and the second user device. In someembodiments, this communication request can be received by the devicevia the I/O subsystem 526 and can be sent to the server 102 via thecommunication network 120.

In some embodiments, the communication request can include communicationcontent for inclusion in the communication to be sent to the recipientcohort. This content can include, for example, customized contentgenerated by the user of the device sending the communication request,one or several interventions or remediations which can be generated bythe user of the device sending the communication request or which can begenerated by the server 102 according to a remediation or interventionprotocol or algorithm.

After the communication request has been received, the process 1050proceeds block 1062 wherein a recipient cohort is identified. In someembodiments, the recipient cohort can be identified based on informationreceived in the communication request, which information can identifyone or several individuals for receipt of the communication and/or oneor several groups of individuals linked by common trait or attribute forreceipt of the communication.

In some embodiments communication requests can include informationidentifying, for example, one or several risk cohorts as the recipientcohort. In some embodiments, the recipient cohort can comprise the firstrisk cohort, in some embodiments, the recipient cohort can comprise thesecond risk cohort, and in some embodiments, the recipient cohort cancomprise the first and second risk cohorts. The server 102 can extractinformation identifying the recipient cohort from the receivedcommunication and can thus identify the recipient cohort.

After the recipient cohort has been identified, the process 1050proceeds block 1064 wherein one or several modification inputs isreceived. In some embodiments, these modification puts can comprise amodification to the recipient cohort such as, for example, theidentification of one or several users in the recipient cohort forremoval from the recipient cohort and/or the identification of one orseveral users not in the recipient cohort for inclusion in the recipientcohort. Modification inputs can be received by the server 102 from thedevice which can include, for example, the user device 106 and/or thesupervisor device 110. In some embodiments, the modification inputs canbe received by the device via the I/O subsystem 526 and can be sent tothe server 102 via the communication network 120.

After the modification inputs have been received, the process 1050proceeds to block 1066 wherein the identified recipient cohort ismodified according to the received modification inputs. In someembodiments, this can include the addition of one or several recipientsto the recipient cohort and/or the removal of one or several recipientsfrom the recipient cohort. After the recipient cohort has been modified,the process 1050 proceeds to block 1068, wherein communicationinformation for the identified recipient cohort, including modificationsto the identified recipient cohort, is received and/or retrieved. Insome embodiments, this indication can be automatically received and/orretrieved by the server 102 from the database server 104 andspecifically from the user profile database 301 of the database server104.

After the cohort communication information has been received and/orretrieved, the process 1050 proceeds to block 1070 wherein thecommunication is sent to users in the recipient cohort. In someembodiments, this can include sending the communication to, for example,the first user device and/or the second user device.

In some embodiments, for example, the communication information canidentify a device different than the device from which communicationswere received from which a risk prediction was generated for receipt ofcommunications according to the process 1050. Thus, for example, in oneembodiment, the user of the second user device may send a communicationto the server 102 from which a risk prediction is generated, but thecommunication information for that user may indicate receipt ofcommunications from the server 102 at another user device 106 such as,for example, at a fourth user device. In some embodiments, this fourthuser device can be linked to the user via the communication informationthat can be stored in, for example, the user profile database. In suchan embodiment, the communication can be sent to devices including, forexample, the first user device and/or the fourth user device.

With reference now to FIG. 32, an exemplary illustration of oneembodiment of cohort view 1200 is shown. The cohort view 1200 includes acohort window 1202. The cohort window can identify a breakdown of usersin the cohort, which cohort can include, for example, a class, a courseof study, or the like, into a plurality of sub-cohorts 1204. In someembodiments, these sub-cohorts 1204 can be risk-based sub-cohorts. Asdepicted in FIG. 32, the sub-cohorts 1204 include a first sub-cohort1204-A, also identified as a high risk sub-cohort, a second sub-cohort1204-B, also identified herein as a medium risk sub-cohort, a thirdsub-cohort 1204-C, also identified as a low risk sub-cohort, and a thirdsub-cohort 1204-D for user for which insufficient data is present togenerate a risk prediction. In some embodiments, some or all of thesesub-cohorts 1204 can be associated with an indicator 1206 of thebreakdown of users in each of the sub-cohorts 1204 and/or the relativeor absolute size of each of the sub-cohorts 1204. This indicator cancomprise or several bars, or the like. As depicted in FIG. 32, theindicator 1206 can include a first indicator 1206-A associated with thefirst sub-cohort 1204-A, a second indicator 1206-B associated with thesecond sub-cohort 1204-B, a third indicator 1206-C associated with thethird sub-cohort 1204-C, and a fourth indicator 1204-D associated withthe fourth sub-cohort 1206-D. In some embodiments, the user can switchfrom the cohort view 1200 to a sub-cohort view 1250 by the manipulationof one of the portions of the cohort window 1202 associated with adesired one of the sub-cohorts 1204 such as, for example, the indicator1206 associated with the desired one of the sub-cohorts 1204.

In some embodiments, the cohort window 1202 can include one or severalcommunication icons 1208, and specifically as depicted in FIG. 32, thecohort window 1202 can include a first communication icon 1208-Aassociated with the first sub-cohort 1204-A, a second communication icon1208-B associated with the second sub-cohort 1204-B, a thirdcommunication icon 1208-C associated with a third sub-cohort 1204-C, anda fourth communication icon 1208-D associated with the fourth sub-cohort1204-D. In some embodiments, the manipulation of one or more of thecommunication icons 1208 can result in the generation and sending of acommunication request as indicated in block 1060 of FIG. 31.

The cohort view 1200 can further include a trend window 1210 that candisplay a depiction of the time-dependent change to a size of one orseveral of the sub-cohorts 1204. Specifically, the trend window 1210includes a first trend window 1210-A associated with the firstsub-cohort 1204-A, a second trend window 1210-B associated with thesecond sub-cohort 1204-B, and a third trend window 1210-C associatedwith the third sub-cohort 1204-C. In some embodiments, the trend window1210 can depict the time-dependent change the size of one or several ofthe sub-cohorts 1204 over a sliding temporal window. In someembodiments, this sliding temporal window can be indicated along, forexample, the horizontal axis of the trend window 1210. In someembodiments, these trend windows 1210 can automatically update as thesize of the sub-cohorts 1204 changes and/or as time passes and thetemporal window accordingly shifts. In some embodiments, the view of theuser interface 1201 can change from the cohort view 1200 to thesub-cohort view 1250 by manipulation of one of the trend windows 1210associated with a desired sub-cohort 1204.

With reference now to FIGS. 32 and 33, illustrations of embodiments ofthe sub-cohort view 1250 are shown. In the embodiment of FIG. 33, thesub-cohort view 1250 depict information relating to all of thesub-cohorts 1204, whereas in the embodiment of FIG. 34, the sub-cohortview 1250 depict information relating to one of the sub-cohorts, andspecifically to the first sub-cohort 1204-A. The sub-cohort view 150 caninclude an indicator 1206 of the break in users in each of thesub-cohorts 1204 and/or the relative or absolute size of each of thesub-cohorts 1204. In some embodiments, this indicator can furtherinclude a source indicator 1252 which can identify the specific one orseveral sub-cohorts 1204 for which the sub-cohort view 1250 isgenerated. This can include a first source indicator 1252-A, a secondsource indicator 1252-B, a third source indicator 1252-C, and a fourthsource indicator 1252-D. As seen in FIG. 33, the source indicator 1252indicates that the sub-cohort view 1250 includes data from each of thesub-cohorts 1204 and, as seen in FIG. 34, the source indicator 1252indicates that the sub-cohort view 1250 includes data from the firstsub-cohort 1204-A.

The sub-cohort view 1250 can further include an identification window1254. The identification window 1254 can include a list 1256, alsoreferred to herein as the student list, of users in the sub-cohort 1204from which the sub-cohort view 1250 includes data. The list 1256 canidentify the names of one or several users in the sub-cohort 1204, atime-dependent window 1258 displaying risk status of each of the usersin the sub-cohort 1204 over a period of time, a risk bar 1260identifying a current risk level of each of the users in the sub-cohort1204, and a source window configured to identify one or several sourcesof risk and/or parameters characterizing those sources of risk for eachof the users in the sub-cohort. In some embodiments, an input can beprovided directing a change in the user interface 1251 view from thesub-cohort view 1250 to the individual view 1280 by manipulation ofportions of the identification window 1254 relevant to the user for whomthe individual view 1280 is desired.

With reference now to FIG. 35, an illustration of one embodiment of acommunication view 1270 of the user interface 1251 is shown. In someembodiments, the user interface 1251 can be controlled to display thecommunication view 1270 when one or several of the communication icons1208 in, for example, the cohort view 1200 are manipulated. In someembodiments, the communications can include a recipient panel 1272 thatcan identify the one or several recipients of the communication. Therecipient panel 1272 can be further configured to allow the addition ofone or several new recipients and/or to remove one or severalrecipients. The communication view can further include a content panel1274 wherein the content of the communication can be inputted and/or canbe displayed, a send icon 1276, the manipulation of which send icon 1276can cause the sending of the communication generated in thecommunication view 1270, and a discard button, the manipulation of whichcan cause the discarding of the communication generated in thecommunication view 1270.

With reference now to FIG. 36, an illustration of one embodiment of theindividual 1280 view of the user interface 1201 is shown. The individualview 1280 can include information relating to a user, and specificallycan include information relating to risk levels for that user.Specifically, the individual view 1280 can include a user time-dependentwindow 1282 displaying risk status of the user for whom the individualview 1280 is generated over a period of time. The individual view canfurther include a source window 1284 configured to identify one orseveral sources of risk and/or parameters characterizing those sourcesof risk for the user for whom the individual view 1280 is generated. Insome embodiments, the individual view 1280 can further includeinformation relating to one or several interventions and/or remediationsthat can be provided to the user for whom the individual view 1280 isgenerated based on the sources of risk identified in the source window1284. In some embodiments, a parameter of each source of risk can becompared to a threshold value, which threshold value can be retrievedfrom the threshold database 310. If the parameter of one of the sourcesof risk meets or exceeds the threshold, then an intervention can betriggered. In some embodiments, the content library database 303 cancomprise a plurality of interventions that can be each linked to one ormore of the sources of risk. In some embodiments, an intervention can beselected from this plurality of interventions and can be recommended inthe individual view.

A number of variations and modifications of the disclosed embodimentscan also be used. Specific details are given in the above description toprovide a thorough understanding of the embodiments. However, it isunderstood that the embodiments may be practiced without these specificdetails. For example, well-known circuits, processes, algorithms,structures, and techniques may be shown without unnecessary detail inorder to avoid obscuring the embodiments.

Implementation of the techniques, blocks, steps and means describedabove may be done in various ways. For example, these techniques,blocks, steps and means may be implemented in hardware, software, or acombination thereof. For a hardware implementation, the processing unitsmay be implemented within one or more application-specific integratedcircuits (ASICs), digital signal processors (DSPs), digital signalprocessing devices (DSPDs), programmable logic devices (PLDs), fieldprogrammable gate arrays (FPGAs), processors, controllers,micro-controllers, microprocessors, other electronic units designed toperform the functions described above, and/or a combination thereof.

Also, it is noted that the embodiments may be described as a processwhich is depicted as a flowchart, a flow diagram, a swim diagram, a dataflow diagram, a structure diagram, or a block diagram. Although adepiction may describe the operations as a sequential process, many ofthe operations can be performed in parallel or concurrently. Inaddition, the order of the operations may be re-arranged. A process isterminated when its operations are completed, but could have additionalsteps not included in the figure. A process may correspond to a method,a function, a procedure, a subroutine, a subprogram, etc. When a processcorresponds to a function, its termination corresponds to a return ofthe function to the calling function or the main function.

Furthermore, embodiments may be implemented by hardware, software,scripting languages, firmware, middleware, microcode, hardwaredescription languages, and/or any combination thereof. When implementedin software, firmware, middleware, scripting language, and/or microcode,the program code or code segments to perform the necessary tasks may bestored in a machine readable medium such as a storage medium. A codesegment or machine-executable instruction may represent a procedure, afunction, a subprogram, a program, a routine, a subroutine, a module, asoftware package, a script, a class, or any combination of instructions,data structures, and/or program statements. A code segment may becoupled to another code segment or a hardware circuit by passing and/orreceiving information, data, arguments, parameters, and/or memorycontents. Information, arguments, parameters, data, etc. may be passed,forwarded, or transmitted via any suitable means including memorysharing, message passing, token passing, network transmission, etc.

For a firmware and/or software implementation, the methodologies may beimplemented with modules (e.g., procedures, functions, and so on) thatperform the functions described herein. Any machine-readable mediumtangibly embodying instructions may be used in implementing themethodologies described herein. For example, software codes may bestored in a memory. Memory may be implemented within the processor orexternal to the processor. As used herein, the term “memory” refers toany type of long term, short term, volatile, nonvolatile, or otherstorage medium and is not to be limited to any particular type of memoryor number of memories, or type of media upon which memory is stored.

Moreover, as disclosed herein, the term “storage medium” may representone or more memories for storing data, including read-only memory (ROM),random access memory (RAM), magnetic RAM, core memory, magnetic diskstorage mediums, optical storage mediums, flash memory devices and/orother machine readable mediums for storing information. The term“machine-readable medium” includes, but is not limited to portable orfixed storage devices, optical storage devices, and/or various otherstorage mediums capable of storing that contain or carry instruction(s)and/or data.

While the principles of the disclosure have been described above inconnection with specific apparatuses and methods, it is to be clearlyunderstood that this description is made only by way of example and notas limitation on the scope of the disclosure.

What is claimed is:
 1. A system for delivery of a triggered alert, thesystem comprising: memory comprising a model database containing amachine-learning algorithm, wherein the machine-learning algorithm isconfigured to generate a risk prediction based on inputted features; afirst user device configured to receive inputs from a user; a seconduser device; and at least one server configured to: receivecommunications corresponding to a plurality of user inputs provided tothe user device; generate a risk prediction with the machine-learningalgorithm based on features generated from the received communications;and direct generation of a user interface on the second user device, theuser interface comprising: a cohort view comprising at least onegraphical depiction of the risk prediction for a set of at least some ofa plurality of users in a cohort; a sub-cohort view comprising at leastone graphical depiction of the risk prediction for at least one of theusers in the cohort; and an individual view comprising at least onegraphical depiction of risk sources for one user.
 2. The system of claim1, wherein the at least one server is configured to switch between thecohort view, the sub-cohort view, and the individual view based on userinputs received from the second user device.
 3. The system of claim 2,wherein switching between the cohort view and the sub-cohort viewcomprises: receiving an input identifying a display sub-cohort from thesecond user device; generating the at least one graphical depiction ofthe risk prediction for the at least one of the users in the displaysub-cohort; and directing the second user device to generate thesub-cohort view and display the generated at least one graphicaldepiction of the risk prediction for the at least one of the users inthe display sub-cohort.
 4. The system of claim 3, wherein the at leastone graphical depiction of the risk prediction for the at least one ofthe users in the display sub-cohort comprises: a graphical depiction ofa risk category associated with identified display sub-cohort; anidentification window comprising information identifying the at leastone of the users in the sub-cohort; a time-dependent risk windowdisplaying risk status over a period of time; and a risk bar identifyinga current risk level.
 5. The system of claim 2, wherein switching to theindividual view comprises: receiving an input identifying the one user;generating the at least one graphical depiction of risk sources for theidentified one user; and directing the second user device to generatethe individual view and display the generated at least one graphicaldepiction of risk sources for the identified one user.
 6. The system ofclaim 5, wherein the at least one graphical depiction of risk sourcesfor the identified one user comprises: a time-dependent risk windowconfigured to display risk status over a period of time; and a sourcewindow configured to identify sources of risk and parameterscharacterizing those sources of risk.
 7. The system of claim 2, whereinthe at least one graphical depiction of the risk prediction for the setof at least some of the plurality of users in the cohort comprises: acohort window configured to identify a current breakdown of users in thecohort into a plurality of risk-based sub-cohorts; and a trend windowconfigured to display a depiction of time-dependent change to a size ofthe risk-based sub-cohorts.
 8. The system of claim 7, wherein the trendwindow is configured to display the depiction of the time-dependentchange to the size of the risk-based sub-cohorts over a sliding temporalwindow.
 9. The system of claim 8, wherein the trend window is configuredto automatically update as the size of the risk-based sub-cohortschanges and as the sliding temporal window shifts.
 10. The system ofclaim 1, wherein generating a risk prediction with the machine-learningalgorithm based on features generated from the received communicationscomprises: generating a feature vector for each of the features; andinputting the feature vectors into the machine-learning algorithm.
 11. Amethod for delivery a triggered alert, the method comprising: receivingcommunications corresponding to a plurality user inputs provided to auser device by a user; generating a risk prediction with amachine-learning algorithm based on features generated from the receivedcommunications; and directing generation of a user interface on a seconduser device, the user interface comprising: a cohort view comprising atleast one graphical depiction of the risk prediction for a set of atleast some of a plurality of users in a cohort; a sub-cohort viewcomprising at least one graphical depiction of the risk prediction forat least one of the users in the cohort; and an individual viewcomprising at least one graphical depiction of risk sources for oneuser.
 12. The method of claim 11, further comprising switching betweenthe cohort view, the sub-cohort view, and the individual view based onuser inputs received from the second user device.
 13. The method ofclaim 12, wherein switching between the cohort view and the sub-cohortview comprises: receiving an input identifying a display sub-cohort fromthe second user device; generating the at least one graphical depictionof the risk prediction for the at least one of the users in the displaysub-cohort; and directing the second user device to generate thesub-cohort view and display the generated at least one graphicaldepiction of the risk prediction for the at least one of the users inthe display sub-cohort.
 14. The method of claim 13, wherein the at leastone graphical depiction of the risk prediction for the at least one ofthe users in the display cohort comprises: a graphical depiction of arisk category associated with identified display sub-cohort; anidentification window comprising information identifying the at leastone of the users in the sub-cohort; a time-dependent risk windowdisplaying risk status over a period of time; and a risk bar identifyinga current risk level.
 15. The method of claim 12, wherein switching tothe individual view comprises: receiving an input identifying the oneuser; generating the at least one graphical depiction of risk sourcesfor the identified one user; and directing the second user device togenerate the individual view and display the generated at least onegraphical depiction of risk sources for the identified one user.
 16. Themethod of claim 15, wherein the at least one graphical depiction of risksources for the identified one user comprises: a time-dependent riskwindow configured to display risk status over a period of time; and asource window configured to identify sources of risk and parameterscharacterizing those sources of risk.
 17. The method of claim 12,wherein the at least one graphical depiction of the risk prediction forthe set of at least some of the plurality of users in the cohortcomprises: a cohort window configured to identify a current breakdown ofuser in the cohort into a plurality of risk-based sub-cohorts; and atrend window configured to display a depiction of time-dependent changeto a size of the risk-based sub-cohorts.
 18. The method of claim 17,wherein the trend window is configured to display the depiction of thetime-dependent change to the size of the risk-based sub-cohorts over asliding temporal window.
 19. The method of claim 18, wherein the trendwindow is configured to automatically update as the size of therisk-based sub-cohorts changes and as the sliding temporal windowshifts.
 20. The method of claim 11, wherein generating a risk predictionwith the machine-learning algorithm based on features generated from thereceived communications comprises: generating a feature vector for eachof the features; and inputting the feature vectors into themachine-learning algorithm.